New research shows how a mobile phone can be turned into a passive indoor ultrasound sonar, locating people with high precision indoors using multi-target echolocation, and is even able to discern a rough selection of activities. It does this by overlaying imperceptible ultrasound sonar pings into played-back music, measuring the reflections coming back to the phone’s microphone. The privacy implications are staggering.

By emitting inaudible ultrasound pings as part of normal music playback, a phone can be turned into a passive sonar device, researchers from the University of Washington show in a new paper. It can track multiple individuals at an indoor precision of 8 centimeters (3 inches), and detect different types of activity by the people in its detection zone — even through barriers, all using a normal smartphone.

People with military technology background will recognize this as next-generation passive covert radar systems, radar systems which don’t transmit, but which detect objects in the sky from changes to reflection patterns from everpresent civilian transmitters such as radio and TV towers. The primary advantage of passive covert radars is that they can’t be detected, as they only contain very sensitive receivers, no transmitters. This phone research appear to be using the same kind of technology, except it is also used as a transmitter of ultrasound pings; however, it would be trivial to separate the transmitter of pings from the receiver of the reflected patterns.

“We achieve this by transforming a smartphone into an active sonar system that emits a combination of a sonar pulse and music and listens to the reflections off of humans in the environment. Our implementation, CovertBand, monitors minute changes to these reflections to track multiple people concurrently and to recognize different types of motion, leaking information about where people are in addition to what they may be doing.”

The researchers are straightforward about the privacy threat that this technology poses: “There are privacy leaks possible with today’s devices that go beyond the ability to simply record conversations in the home. For example, what if an attacker could remotely co-opt your television to track you as you move around, without you knowing? Further, what if that attacker could figure out what you were doing in addition to where you were? Could they even figure out if you were doing something with another person?”

The researchers have tested five different indoor environment and over thirty different moving individuals, and show that even under ideal conditions, the people typically could not detect the tracking.

“We evaluated CovertBand by running experiments in five homes in the Seattle area, showing that we can localize both single and multiple individuals through barriers. These tests show CovertBand can track walking subjects with a mean tracking error of 18 cm and subjects moving at a fixed position with an accuracy of 8 cm at up to 6 m in line-of-sight and 3 m through barriers.”

It’s conceivable that malicious apps with access to the speakers and microphone will be able to use this. It’s also conceivable that apps already are. Among many smartphone devices, the researchers also implemented their CovertBand demonstrator on a 42-inch SHARP television set.

“Even in ideal scenarios, listeners were unlikely to detect a CovertBand attack.”

Privacy remains your own responsibility.