Do you hear Laurel or Yanny or is it On-Off Keying?, (Mon, May 28th)

Bernd shared a white paper this morning, “Analysis of an Ultrasound-Based Physical Tracking System ” by Cunche and Cardoso ( which goes over how they rever engineered an ultrasound-based in-store tracking application.  They wrote an app that generates it’s own ultrasonic sounds to jam such applications.  Souce code is available (alegedly, their GitLab instance was having an issue when I looked at it.)  The site does have samples of ultrasonic applications caught in the lab and in the wild ( which you could use for you experiments.

I’ve been interested in the interaction between ultrasonic and mobile technology since I saw Jameson Rader’s XT Audio Beacons ( that were used to syncrhonize a lightshow from attendee’s smartphones.  Digging further into that I needed tools to detect and generate these signals.  I first went to Audacity ( because I focusing on sound generation, but if I wanted to move data via ultrasound I would need modulation and demodulation which brought me to GNU Radio (

I wasn’t the first to think of that approach. There’s a demonstration using commodity laptops ( where he sends data very slowly at 23kHz.  They improved on the process and have nice full-duplax eample here:

There is simple chat program that uses this technique called Quietnet (

Others have raised privacy concerns about use of the technology (isn’t there always?)   In “Privacy Threats through Ultrasonic Side Channels on Mobile Devices” Arp, Quiring, Wressnegger, and Rieck ( they describe using SilverPush ( a marketing application to track a user via embedded signals is web ads.

It’s also used in Google Nearby (which uses seen wi-fi APs, and bluetooth in addition to audio beacons.)  When enabled a smartphone will generate ultrasonic signals and listen for other signals.

Now I want to head out to the maul with an audio spectrum analyzer.  The available-parking sensors, the in-store tracking, the smartphons of passers-by– what fun. 

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

No comments yet.

Leave a Reply

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 1,350,969 bad guys.