Secret messages embedded in television adverts can direct smartphones to spy on their owners using listening software, according to German researchers.
There’s been a huge growth in Android apps using software that’s designed to search for inaudible “ultrasonic” signals, and these signals can contain code which orders apps to begin tracking people’s location, what they’re watching on television and even collect personal information such as political affiliation and pornography habits, the researchers warn.
The software, called Silverpush, is designed to listen to “audio beacons” which humans can’t hear, and has allegedly been used by corporations such as McDonald’s and Krispy Kreme.
Apps that use this software can “precisely link the watching of even sensitive content such as adult movies or political documentations to a single individual – even at varying locations,” the researchers said. “Advertisers can deduce what and how long an individual is watching and obtain a detailed user profile to deliver highly customized advertisements.”
“The monitoring functionality is already deployed in mobile applications and might become a serious privacy threat in the near future,” the researchers added.
The researchers from Braunschweig University of Technology visited dozens of stores in two unnamed European cities and found four stores broadcasting these beacons.
They also noted a surge in the number of Android apps which searched for these audio beacons, from 39 in 2015 to 234 presently.
This technology was already a concern to the American Federal Trade Commission, who wrote to app developers last year asking them to clarify if they were using software like Silverpush.
“These apps were capable of listening in the background and collecting information about consumers without notifying them,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “Companies should tell people what information is collected, how it is collected, and who it’s shared with.”
The notion of smart devices being able to spy on citizens is nothing new.
Earlier this year, WikiLeaks released a trove of CIA documents as part of the Vault 7 leaks, detailing how the agency created malware called “Weeping Angel” which turns Samsung smart TVs into listening devices, even when the device is off.
“Weeping Angel can also reportedly extract usernames, passwords and Wi-Fi keys – allowing access to the target’s network and other connected devices,” reported Mikael Thalen.