Abstract
Ultrasound, imperceptible to the human ear, emerges as a potent carrier of information. Exploiting its covert nature, a growing number of both malicious entities and researchers delve into its potential privacy threats. Simultaneously, the surge in Browser Extensions, prized for their streamlined access to privileged browser resources, adds a layer of convenience while raising a big concern. This work introduces UltraCommander, a kind of cyber attack that leverages ultrasonic channel communication. In particular, UltraCommander covertly monitors user private data based on attacker-specified commands, facilitating surreptitious data transmission to the attacker. We then intricately detail the implementation of this attack and showcase its imperceptible nature. Our research underscores the successful exfiltration of private data through Chrome APIs, with future prospects extending to capturing additional information, such as SMS data, from browsers.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the Second International Conference on Data Security and Privacy Protection, DSPP 2024 |
| Volume | 15215 |
| Publisher | Springer |
| Publication date | 2025 |
| Pages | 195-210 |
| ISBN (Print) | 978-981-97-8539-1 |
| ISBN (Electronic) | 978-981-97-8540-7 |
| DOIs | |
| Publication status | Published - 2025 |
| Event | Second International Conference on Data Security and Privacy Protection - Xi'an, China Duration: 25 Oct 2024 → 28 Oct 2024 |
Conference
| Conference | Second International Conference on Data Security and Privacy Protection |
|---|---|
| Country/Territory | China |
| City | Xi'an |
| Period | 25/10/2024 → 28/10/2024 |