Sunday, May 18, 2025
India Watch - A Digital Media
  • Home
  • IndiaWatching
    • India Unplugged
    • Maps of India
    • Strategy & Policy
  • Makers for India
    • Gallery & Expo
  • More
    • About Us
    • Contact Us
No Result
View All Result
India Watch - A Digital Media
  • Home
  • IndiaWatching
    • India Unplugged
    • Maps of India
    • Strategy & Policy
  • Makers for India
    • Gallery & Expo
  • More
    • About Us
    • Contact Us
No Result
View All Result
India Watch - A Digital Media
No Result
View All Result
Home India Unplugged

‘The Emperor Wears No Clothes’ Satye Meva Jayate

Pavithran Rajan by Pavithran Rajan
31/05/2016
in India Unplugged
1
https://en.wikipedia.org/wiki/The_Emperor's_New_Clothes

Pic Courtesy https://en.wikipedia.org/wiki/The_Emperor's_New_Clothes

emperor90

Pic courtesy : http://www.praxmatrix.com

Air gap as a panacea for all cyber security threats is enough; is what our national security boffins who deal with critical networks believe or have as believe. Why they cling to this notion when all evidences point to that concept being outdated and an increasing body of evidence showing that there are many methods by which air gapped networks can be routinely compromised are a vast field of study by itself.

The ability of the human mind to fool itself has been historically recognised and stories like the ‘Emperor wears no clothes’ is meant to teach the young the vast depths of human folly where whole societies and nations can be fooled. Having bought into the fallacy that software and hardware made by foreign firms with relationship to their national security establishment could be secure if they are air gapped; it is difficult for them to accept that they were gullible. Evidences of those same nations ensuring that hardware and software from other nations are not allowed in their critical infrastructure make no impact to these fossilised minds.

Now if those companies are represented by people with whom they have formed a relationship and if post retirement sinecures are dangled and facilitated by former comrades who have thread the same path before them, pangs of doubts which occasionally crop up can easily be stifled. The junkets, sponsored seminars and more sweeten all these cosy relationships.

Now ‘ All people can’t be fooled for all time.’ and such falsehoods are eventually exposed. Indeed the chances for such perfidy happening was recognised by the founding fathers of this nation, who adopted ‘ Satye Meva Jayate’ as the national motto.

The article below is one more nail in the coffin of ‘air gapped security..

————————————————————————————————————————————————————————–

http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/

Beware of ads that use inaudible sound to link your phone, TV, tablet, and PC
Privacy advocates warn feds about surreptitious cross-device tracking.

by Dan Goodin – Nov 13, 2015 11:30pm IST
ShareTweet
221

Privacy advocates are warning federal authorities of a new threat that uses inaudible, high-frequency sounds to surreptitiously track a person’s online behavior across a range of devices, including phones, TVs, tablets, and computers.

The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can’t be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product.

Cross-device tracking raises important privacy concerns, the Center for Democracy and Technology wrote in recently filed comments to the Federal Trade Commission. The FTC has scheduled a workshop on Monday to discuss the technology. Often, people use as many as five connected devices throughout a given day—a phone, computer, tablet, wearable health device, and an RFID-enabled access fob. Until now, there hasn’t been an easy way to track activity on one and tie it to another.

“As a person goes about her business, her activity on each device generates different data streams about her preferences and behavior that are siloed in these devices and services that mediate them,” CDT officials wrote. “Cross-device tracking allows marketers to combine these streams by linking them to the same individual, enhancing the granularity of what they know about that person.”

The officials said that companies with names including SilverPush, Drawbridge, and Flurry are working on ways to pair a given user to specific devices. Adobe is also developing cross-device tracking technologies, although there’s no mention of it involving inaudible sound. Without a doubt, the most concerning of the companies the CDT mentioned is San Francisco-based SilverPush.

CDT officials wrote:

Cross-device tracking can also be performed through the use of ultrasonic inaudible sound beacons. Compared to probabilistic tracking through browser fingerprinting, the use of audio beacons is a more accurate way to track users across devices. The industry leader of cross-device tracking using audio beacons is SilverPush. When a user encounters a SilverPush advertiser on the web, the advertiser drops a cookie on the computer while also playing an ultrasonic audio through the use of the speakers on the computer or device. The inaudible code is recognized and received on the other smart device by the software development kit installed on it. SilverPush also embeds audio beacon signals into TV commercials which are “picked up silently by an app installed on a [device] (unknown to the user).” The audio beacon enables companies like SilverPush to know which ads the user saw, how long the user watched the ad before changing the channel, which kind of smart devices the individual uses, along with other information that adds to the profile of each user that is linked across devices.

The user is unaware of the audio beacon, but if a smart device has an app on it that uses the SilverPush software development kit, the software on the app will be listening for the audio beacon and once the beacon is detected, devices are immediately recognized as being used by the same individual. SilverPush states that the company is not listening in the background to all of the noises occurring in proximity to the device. The only factor that hinders the receipt of an audio beacon by a device is distance and there is no way for the user to opt-out of this form of cross-device tracking. SilverPush’s company policy is to not “divulge the names of the apps the technology is embedded,” meaning that users have no knowledge of which apps are using this technology and no way to opt-out of this practice. As of April of 2015, SilverPush’s software is used by 67 apps and the company monitors 18 million smartphones.
SilverPush’s ultrasonic cross-device tracking was publicly reported as long ago as July 2014. More recently, the company received a new round of publicity when it obtained $1.25 million in venture capital. The CDT letter appears to be the first time the privacy-invading potential of the company’s product has been discussed in detail. SilverPush officials didn’t respond to e-mail seeking comment for this article.

Cross-device tracking already in use

The CDT letter went on to cite articles reporting that cross-device tracking has been put to use by more than a dozen marketing companies. The technology, which is typically not disclosed and can’t be opted out of, makes it possible for marketers to assemble a shockingly detailed snapshot of the person being tracked.

“For example, a company could see that a user searched for sexually transmitted disease (STD) symptoms on her personal computer, looked up directions to a Planned Parenthood on her phone, visits a pharmacy, then returned to her apartment,” the letter stated. “While previously the various components of this journey would be scattered among several services, cross-device tracking allows companies to infer that the user received treatment for an STD. The combination of information across devices not only creates serious privacy concerns, but also allows for companies to make incorrect and possibly harmful assumptions about individuals.”

Use of ultrasonic sounds to track users has some resemblance to badBIOS, a piece of malware that a security researcher said used inaudible sounds to bridge air-gapped computers. No one has ever proven badBIOS exists, but the use of the high-frequency sounds to track users underscores the viability of the concept.
Now that SilverPush and others are using the technology, it’s probably inevitable that it will remain in use in some form. But right now, there are no easy ways for average people to know if they’re being tracked by it and to opt out if they object. Federal officials should strongly consider changing that.

 

Tags: Cyber SecuritycyberwarICT ManufactureInfo Securityinformation warfareInfowarPavithran Rajan
Previous Post

Open Source based Hardware, Network and Software Technologies - an Imperative in the Information Age

Next Post

Milking Holy Cows

Pavithran Rajan

Pavithran Rajan

Pavithran Rajan is an alumni of the National Defence Academy and was commissioned in the Indian Army in 1992 and served till 2013. He is on the Board of Advisors at the E Raksha Research Center; Gujarat Technological University, Ahmedabad and regularly consults for numerous organisations in various State and Central Government.

Next Post
ICT kill switches

Milking Holy Cows

Comments 1

  1. Dinesh says:
    9 years ago

    Very informative and well written article.Author has deep knowledge on subject.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

14 + one =

  • Trending
  • Comments
  • Latest

Skeletons in my banks and national system

17/04/2018

Corporate Governance & Cyber Security Responsibility

18/11/2016

Chai pe Charcha – Delhi 11 June 2017

14/06/2017

Govt & Cops twiddle fingers waiting for the nation to burn…

26/08/2017
National Cyber Security Policy 2020 .. in anticipation

National Cyber Security Policy 2020 .. in anticipation

7

Cyber Swatchhta Kendra – A Good Start

6

Demonetisation – Cashless Economy – Urgent Need For Data Localisation

5

Why Are We A Strategically Deficient Nation ?

5
Time to relook at Critical Information Infrastructure

Time to relook at Critical Information Infrastructure

20/09/2020
What the Government does… secure messaging

What the Government does… secure messaging

23/01/2020
They ran, we shot… and u better believe us!

They ran, we shot… and u better believe us!

06/12/2019
National Cyber Security Policy 2020 .. in anticipation

National Cyber Security Policy 2020 .. in anticipation

31/10/2019

Recent News

Time to relook at Critical Information Infrastructure

Time to relook at Critical Information Infrastructure

20/09/2020
What the Government does… secure messaging

What the Government does… secure messaging

23/01/2020
They ran, we shot… and u better believe us!

They ran, we shot… and u better believe us!

06/12/2019
National Cyber Security Policy 2020 .. in anticipation

National Cyber Security Policy 2020 .. in anticipation

31/10/2019
  • Home
  • About
  • Contact
  • Maps of India

© 2018 IndiaWatch - All Rights Reserved. Website Design: Jemistry Info Solutions

  • Home
  • IndiaWatching
    • India Unplugged
    • Maps of India
    • Strategy & Policy
  • Makers for India
    • Gallery & Expo
  • More
    • About Us
    • Contact Us

© 2018 IndiaWatch - All Rights Reserved. Website Design: Jemistry Info Solutions

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.