In this issue:

• Threat of the week: Ad tracking through ultrasonic eavesdropping

• Special coverage of the week: Carriers can’t stop scam texts on iPhones

• Tip of the week: Phone names

Ad tracking through ultrasonic eavesdropping

“Papa, can you hear me?” sang Barbra Streisand in the movie Yentl.

Well, if she was playing on a Smart TV or near a phone with Apple Siri or Google Assistant active, the answer is YES. But there are dozens of other devices that are also listening.

It’s true that there are listening devices using small microphones in so many things now: fire and CO2 alarms, TVs, Google Nest thermostats, ovens, refrigerators, smart speakers, smart watches, robot vacuums, and even air fryers.

The microphones would be harmless if it was just to control your air fryer, but it doesn’t stop there. There are other components in the product that can then send data to other devices like your computer or phone.

Have you ever wondered how a conversation you had with someone at home resulted in advertisements being displayed when you are on the internet? Even though you never typed a search term? It’s done by using ultrasounds.

Ultrasound is the physics term for frequencies at 20 kHz and above, even though most of us think of ultrasounds as imaging devices to see babies or internal organs. Ultrasonic is the adjective form of the noun ultrasound. Thus ultrasonic waves are what make ultrasound devices work.

Humans can’t hear ultrasonic sounds but other microphones can which makes ultrasonic cross-device tracking possible. A device’s microphone picks up the ultrasonic sounds, called beacons, sent by other devices.

For example, the Smart TV’s microphone may hear you say, “Paris”, and then when you use your cell phone a few minutes later, you start to see travel ads for Paris, France. This can occur because the Smart TV sent an ultrasonic beacon out and an app on your phone received the signal. This beacon allows advertisers to track you.

In May 2017 a report from Germany’s Braunschweig Technical University [PDF], found 234 Android apps that incorporated ultrasonic receivers. Google removed some violating apps and changed it’s policy to require developers to explicitly state in their privacy policies when ultrasonic beacons are being used and what their purpose is, but who reads the privacy policies?

I’ll do some research and test some mobile apps that can detect these ultrasounds. (I just bought an Android phone so I can now provide better help on that mobile operating system too.) I’ll write a future article and let you know my results.

In the meantime, here is how to turn off some ultrasonic features in some common devices. This may prevent advertisers from secretly creating or tracking your user profile between devices.

How to limit microphone access on your devices:

• iPhone: In the Settings app, select Privacy & Security > Microphone. Turn off access for apps that don’t need it.

• Android: In the Settings app, select Privacy > Permission Manager > Microphone, then deny access for anything that doesn’t absolutely need it.

How to turn off tracking on your Smart TV:

• Samsung TVs: In Settings > Support > Terms & Privacy > Viewing Information Services, and toggle it off.

• LG TVs: In Settings > All Settings > General > User Agreements, and uncheck Personalized Advertising.

• Roku TVs: In Settings > Privacy > Advertising, and limit ad tracking.

There are many other ways advertisers track you. You probably have heard about the “cookies” that are created when you visit websites or advertising “pixels” that follow you around. I’ll cover those in future articles too.

Carriers can’t stop scam texts on iPhones

Android owners have a number of security issues on their own phones, but here’s one just for the iPhone owners.

The iPhone-to-iPhone text messaging, called iMessage, helped Apple advance their market by allowing people to text when only on Wi-Fi or from email message directly to iPhone user text message.

That’s great and innovative, but there is an iPhone security feature allowing scammers to take advantage of iPhone users. It’s called end-to-end encryption and this means that only the sender’s software can encrypt (scramble) the message and only the receiver’s software can decrypt (unscramble) the message. (It’s more complicated than that, but I promised I wouldn’t get technical in my articles.)

Guess who can hide behind the encryption? Scammers, of course.

iMessage and the mobile carriers don’t know if it’s your friend texting you, or a scammer out to steal all your money.

And because iMessage doesn’t require cell service, there are entire rooms of iPhones that spend all day sending scam texts to your iPhone.

The mobile carriers can’t help you. All you can do is help yourself. I wrote about scam texts in this previous article. Please defend yourself with knowledge. Trust no one that texts you except for those in your phone’s address book.

Tip of the week: Phone names

Rename your phone from “Apple iPhone 16” or “Pixel 9” to something helpful like “Reward if found - Call 555-123-4567.” For iPhones, head to Settings > General > About > Name. On Android, go to Settings > About phone > Device name. It’ll pop up on Bluetooth, Wi-Fi or when it’s plugged into a computer.

Do you have an idea for a future newsletter? Please reply to this email and let me know.

Thank you so much!

Sincerely,
Cassie Crossley
Founder, Cyber Safe Center
https://www.cybersafecenter.com