Skip to content

Case Study · QIF-T0079

Your Earbuds Can Fingerprint Your Ear Canal

ANC earbuds contain all the hardware needed to silently extract a biometric fingerprint of your ear canal. We validated this on real hardware: 2 subjects, 2 devices, 6 sessions, >99% identification accuracy. The probe signal can be hidden 47 dB below music — completely inaudible.

TARA: QIF-T0079 Domain: S (Sensor Exploitation) Severity: High Validated: 2026-02-11

The Threat

Your ear canal is a biometric. Its geometry — length, diameter, tympanic membrane reflectance — creates a unique acoustic transfer function per individual. Unlike a password, you cannot change it. Unlike a cookie, it follows you across devices. Unlike a MAC address, it is tied to your body.

Active Noise Cancelling earbuds already contain a speaker and a feedback microphone pointed directly at the ear canal. The standard Bluetooth Hands-Free Profile (HFP) audio path gives any app with microphone permission the ability to play a probe signal through the speaker and record the ear canal's acoustic response through the microphone.

No firmware exploit. No elevated privileges. No ANC telemetry API. Just the standard audio path that every music player, voice assistant, and conferencing app already uses. 

  Phone App (attacker-controlled)
  ┌────────────────────────────────────────────────────┐
  │  Play probe ──── Bluetooth HFP ────┐               │
  │  signal                            ▼               │
  │                          ┌──────────────────┐      │
  │                          │   ANC Earbud      │      │
  │                          │  Speaker ──────►  │      │
  │                          │     │  Ear Canal   │      │
  │                          │     ▼  (unique     │      │
  │  Record     ◄─── BT ────│  Feedback geometry)│      │
  │  response                │  Mic ◄──────────  │      │
  │                          └──────────────────┘      │
  │                                                     │
  │  Extract IR → Features → Identity                   │
  └────────────────────────────────────────────────────┘

Methodology

We tested with two consumer ANC earbuds from different manufacturers (both under $250, standard Bluetooth, silicone tips) and two subjects.

Probe Signal

Exponential swept sine, 200–7500 Hz, 1.5 s duration, 3 repetitions averaged. Stays below HFP Nyquist limit (8 kHz at 16 kHz sample rate).

Impulse Response

Wiener deconvolution extracts the ear canal transfer function. Open-air control subtracts the earbud/Bluetooth channel, isolating the ear's contribution.

Feature Extraction

186-dimensional vector: 20 MFCCs + 20 GFCCs + 16 LPC coefficients + 10 spectral features. Captures the acoustic signature across multiple domains.

Classification

Cosine similarity on feature vectors. Intra-subject consistency and inter-subject separation measured across all session pairs.

Results

6 sessions across one evening. Each session: 3 in-ear trials + open-air control.

Session Subject Device Conditions Intra-session
1 A A Music, gum, reinsertion >99%
2 A A No music, gum, typing >99%
3 A A No music, partial gum ~99%
4 A B Music, gum (cross-device) >99%
5 B B Quiet ~97%
6 B A Quiet (wrong-size tips) ~96%

Key Findings

  • Cross-session: >99% similarity across all Subject A sessions, regardless of music, gum, typing, or reinsertion.
  • Cross-device: >99% similarity for Subject A across two manufacturers' earbuds (different codecs, different sample rates).
  • Inter-subject: ~3.8x separation ratio between Subject A and Subject B on the same device.
  • Ear tip fit matters: Subject B using Subject A's tips showed degraded consistency (~96%), confirming the measurement reflects true acoustic coupling.

Covert Extraction: The Masking Simulation

The critical question: can the probe be hidden inside music so the listener hears nothing, yet the fingerprint is still extractable?

The swept sine probe has a bandwidth-time product of ~33,000. Wiener deconvolution provides ~45 dB of processing gain — it correlates the entire recording against the known probe, amplifying the response and suppressing uncorrelated music. The result:

Probe Attenuation Probe-to-Masker Ratio Fingerprint Similarity Audible?
0 dB +13 dB ~96% Yes
-24 dB -11 dB ~96% Borderline
-48 dB -35 dB ~96% No
-60 dB -47 dB ~96% No

The fingerprint does not degrade. From 0 dB to −60 dB attenuation (1000x reduction in probe amplitude), cosine distance changes from 0.0390 to 0.0391. At −47 dB probe-to-masker ratio, the probe is ~200x quieter than the music — at least 17–27 dB below the human auditory masking threshold. The listener hears only music. The attacker gets a biometric identifier.

Why This Matters for BCI Security

T0079 is Step 1 of a 6-step kill chain documented in the Zenodo working paper. An ear canal fingerprint establishes persistent identity. Combined with other S-domain techniques (heart rate extraction via headphone driver, gait detection via accelerometer, cognitive state inference via typing dynamics), an attacker builds a multi-modal biometric profile — all from consumer devices the target already owns.

For BCI users, this profile becomes the foundation for targeted attacks at the neural interface. The TARA framework maps this progression: from consumer sensor exploitation (S-domain) through data aggregation to neural-targeted threats.

The ear canal fingerprint is persistent (geometry doesn't change), irrevocable (you can't reset it), cross-device (same ear = same fingerprint), and covert (embeddable in any audio). These properties make it fundamentally different from digital identifiers — and fundamentally more dangerous.

Limitations

  • N=2 subjects. Inter-subject discrimination is directionally correct but not statistically significant. A study with N≥10 and proper per-subject ear tip fitting is needed for d-prime and EER metrics.
  • Single platform. All recording on macOS Core Audio. Android, Windows, and mobile app paths are untested.
  • No longitudinal data. All sessions within ~3 hours on one evening. Day-over-day stability is unknown (though ear canal geometry is stable in adults).
  • Masking is simulated. The covert extraction uses a real channel model but has not been physically validated with masked audio played through real earbuds. The ~45 dB processing gain provides substantial margin.

Prior Art

Work Year Accuracy Covert?
Akkermans et al. (Philips Research) 2005 >99% No
Gao et al. (EarEcho, MobiCom) 2019 97.5% No
Fan et al. (HeadFi, MobiCom) 2021 97–99% Passive
EarID 2025 98.7% No
This work (T0079) 2026 >99% Yes

Our contribution: (1) attack framing vs. feature framing, (2) standard Bluetooth HFP path only, (3) psychoacoustic masking demonstration — no prior work has shown covert probe extraction hidden inside music.

Related

Blog Post

How Malicious Apps Derive Your Biometrics

28 consumer sensor exploitation techniques across 4 tactics

TARA Atlas

S-Domain: Consumer Sensor Exploitation

Full technique registry with CVSS + NISS scoring

Working Paper

Securing Neural Interfaces

DOI: 10.5281/zenodo.18640105 · T0079 is Step 1 of the kill chain

Framework

QIF Hourglass Architecture

S-domain bands where sensor exploitation originates

Responsible Disclosure: This case study presents findings from validated research. Proof-of-concept code is not publicly available. The purpose is to demonstrate that consumer audio hardware presents a real biometric privacy risk, informing security architecture decisions for BCI systems.

Citation: Qi, K. (2026). Securing Neural Interfaces: Architecture, Threat Taxonomy, and Neural Impact Scoring for Brain-Computer Interfaces. Zenodo. https://doi.org/10.5281/zenodo.18640105