QIF-T0082

high

Ultrasonic cross-device tracking (inaudible beacon correlation for user identification)

Tier 2 — Validated (Independently Replicated)

Legacy status: CONFIRMED

Advertisers and tracking firms embed inaudible ultrasonic beacons (18-22 kHz) in TV commercials, web ads, and in-store audio. Any device with microphone access (phone, tablet, smart speaker) within acoustic range can detect these beacons and report them to a tracking server. This enables cross-device user identification (linking phone, laptop, TV viewing), physical location tracking (in-store beacons), and de-anonymization of Tor/VPN users (TV ad beacons correlate with browsing sessions). Silverpush was found embedded in 234 Android apps (2017). The beacons are inaudible to humans but easily detected by consumer microphones. Combined with QIF-T0075 (ultrasonic sonar), the same frequency band serves both tracking and physiological surveillance. This technique requires no hardware modification — only software with microphone permission.

Technique Details

Tactic: QIF-S.HV
Status: CONFIRMED
Bands: S1, S2, S3

✚ Therapeutic Application

Inaudible ultrasonic beacons (18-22 kHz) embedded in audio content detected by consumer device microphones for cross-device user tracking and location correlation

Neural Impact

3 of 7 neural bands affected

S1 S2 S3

Drag to rotate. Click a region to learn more.

Click or hover over a glowing region to see the attack techniques targeting it and their severity.

Scoring

NISS v1.1 NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N

CVSS v4.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

2.0Low

Governance

Neurorights at Risk

This technique threatens 1 of the 4 proposed neurorights (Ienca & Andorno, 2017).

MP Mental Privacy

Consent Complexity

0.12 / 4.0

FDORA §3305 Compliance

Cyber Device

Regulatory Coverage

0.5 / 1.0

524B Requirements

TM VA SBOM SA PM

Regulatory Gaps

! No FDA pathway for consumer sensor exploitation
! Software-only attack without software lifecycle standard (IEC 62304)

Population Vulnerability

CRB vulnerability adjustment (γ=0.30) accounts for age, diagnosis severity, consent capacity, and device dependency.

Population	NISS Base	Adjusted	Severity	Delta
Adult (Default)	2.0	2.0	Low	-
Child (10yr) + ADHD	2.0	2.4	Low	+0.35
Adult with ALS	2.0	2.3	Low	+0.32

Validation Status

Theoretical / Not yet validated. This technique has not been independently tested. See the validation dashboard for what has been tested.

Qinnovate Neural Security Atlas Edit this on GitHub