Talking Behind Your Back

Talking Behind Your Back: Attacks & Countermeasures of Ultrasonic Cross-Device Tracking. Vasilios Mavroudis, Doctoral Researcher, UCL. Federico Maggi, Assistant Professor, POLIMI; Visiting Researcher, UCSB.


Who we are

The Story of a Product


FTC Cross-Device Tracking Workshop, Nov 16, 2015 (Washington, DC)

The Story of a Product

Unhappy

Proactive

Unhappy

Unconcerned

Proactive

The Story of a Product


Not the End of our Story: The Tip of the Iceberg

Contents

The Ultrasound Tracking Ecosystem

Cross-Device Tracking, XDT: Overview

XDT

Cross-Device Tracking, XDT: Details

Ultrasound Beacons: uBeacons

uBeacons: Technical Details

uBeacons: Practical Details

XDT + uBeacons = uXDT

Ultrasound Cross-Device Tracking


Proximity Marketing

Other Use Cases

But how secure is this?

Exploitation!

Setting the Scene

The Attacker’s Toolchest


The Tor de-anonymization Attack


The Demo Explained

The Demo: Simulated State-level Adversary


Some More Attacks

Security Evaluation


May 10, 2016

Aug 31, 2016

July 19, 2016

Oct 17, 2016

Market Penetration

Countermeasures

Browser Extension

Android Permission

Tor Bug Tracker

Securing the Ecosystem


Conclusions: What we did

Conclusions: What’s left to do!


Q & A

ubeacsec.org