Tor Users at Risk of Being Deanonymized by Ultrasound Cross-Device Tracking

People all over the world rely on Tor to maintain a certain level of privacy while browsing the Internet. A new type of attack could make Tor users vulnerable to deanonymization, though. By using ultrasound, it is theoretically possible to track users on the Internet, regardless of them using Tor or any other anonymity tool.

Using Ultrasounds To Deanonymize Tor Is A Threat

Demoed earlier at BlackHat Europe and the Chaos Computer Congress in late 2016, this new ultrasound “exploit” could make life very difficult for Tor users. To be more precise, a technique called ultrasound cross-device tracking is the culprit which makes this all possible. The advertising world has been using this technology for quite some time now, as they aim to track users on the Internet at all times.

As the name suggests, these ultrasound tones are inaudible to the human ear, although most dogs will pick them up without any issues. Despite the user not hearing it, it can be used in multiple ways to determine user behavior. Most of the devices we use these days, including smartphones, can pick up these ultrasounds using dedicated applications.




Once a mobile app hears this ultrasound tone, it can then ping the advertising network with details about the user. In most cases, this will include an IP address, GPS coordinates, a phone number, and even the IMEI code found on one’s SIM card. Although this has only been used for marketing purposes – as far as we know – it is not an unlikely governments and law enforcement agencies will use similar tactics over time.

The demo presented at BlackHat Europe 2016 paints a troublesome future for Tor users in this regard. All it takes is a dedicated campaign with this ultrasound service provider and an ultrasonic signal file. Additionally, as it needs to be created on the Tor network that plays this “beacon” in the background every time someone accesses the platform.

If the Tor user has one of these ultrasound-enabled apps on their smartphone, it would then start broadcasting sensitive information to the server. If that were to happen, Tor is no longer anonymous, which renders the entire project moot. Moreover, this attack would not be unique to Tor users alone, as it can unmask anyone using a proxy, VPN, or other anonymity services.

Law enforcement could use the beacon-embedded website tactic to denaonymize Tor users, but that is not their only plausible course of action. Embedded ultrasound in online videos is another option, although it is unclear if YouTube and Vimeo have ways to detect this file. Then again, the same technology is being used by advertisers, so they would need to create a way to distinguish between legitimate and malicious ultrasound files.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.