New research published this week by researchers from the University of Washington shows how an attacker could track a user's movements using speakers and microphones that come with computers, laptops, tablets, smartphones, and other devices.
The attack — nicknamed CovertBand — relies on embedding a high-frequency audio signal in mundane audio recordings like music tracks, movies, or others.
When users play the songs, the high-frequency audio signal works like a sonar, bouncing off nearby objects and returning to the user's device where the microphone records the pingback time.
This information is sent to an attacker, who process the data to reproduce a 2D image of a victim's movements and surroundings.
Researchers say they tested their attack scenario in practice and were able to track persons moving across a room. They also tracked persons and objects in a nearby room, through walls, doors, and windows.
In addition, they were also able to distinguish between random movements and repetitive motions, a small detail that can prove crucial in surveillance scenarios.
"These tests show CovertBand can track walking subjects with a mean tracking error of 18 cm and subjects moving at a fixed position with an accuracy of 8 cm at up to 6 m in line-of-sight and 3 m through barriers," researchers say.
Furthermore, tests with 33 human subjects showed that none could detect the high-pitch signals embedded inside popular songs, allowing for covert monitoring.
The CovertBand attack can be executed using malware installed on regular PCs and smartphones or with custom hardware rigs put together with off-the-shelf components. Further, new types of home devices such as smart TVs and home assistants also present a fertile attack ground.
Until now, scientists have carried out similar research, but never to track the movements of humans or objects. Last year, Israeli researchers used malware to transform the speakers (inside headphones) into microphones to listen to nearby conversations.
Technical details about the CovertBand attacks are available in a research paper entitled "CovertBand: Activity Information Leakage using Music." Below is a short YouTube video summarizing the research.
If all of this sounds familiar, it's because you've heard it before in Christopher Nolan's The Dark Knight. Go to 5:23 in the video below: