The underlying technology in question is known as ultrasonic cross-device tracking, or uXDT. Cross-device tracking has been called a ‘holy grail’ for marketers, allowing them to, for instance, tell your phone when you’re watching a particular TV show, or share data about laptop web browsing to your tablet.
The UCL team says the lack of disclosure and opt-out options on widely-installed uXDT apps represents an even bigger threat, though. Such apps often actively listen for ultrasound signals, even when the app itself is closed, creating a new and relatively poorly-understood pathway for hacking.
The researchers have already found ways to mine cloaked IP addresses. Speaking to New Scientist, UCL team member Vasilios Mavroudis suggests that an app’s always-on microphone access could be leveraged to monitor conversations (and, if you’re not paranoid already, to decipher what you’re typing). The ‘beacons’ that transmit ultrasound data can also be spoofed to manipulate apps’ user data.