Malware on your smartphone – or other smart device – could someday be used to track your body position or identify your movements within a room. That's the conclusion reached by researchers at the University of Washington, who created a program that turns such devices into active sonar systems.

Known as CovertBand, the software uses a device's speakers to play back repeating acoustic pulses in the 18 to 20 kHz range. Given that these could be heard by some people, they're masked by being included with a song or other audio. The device's microphones then pick up the echoes of those pulses, as they're reflected back by objects (such as people) in the room.
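As an added illustration from the defender's side (not code from the University of Washington researchers or from CovertBand itself), the sketch below checks audio samples for the kind of 18 to 20 kHz content described above, using the Goertzel algorithm. The 48 kHz sample rate, 20 ms frame, audible reference band, -40 dB threshold and the test signals are all assumptions constructed for this example.

```python
import math

RATE = 48_000                          # assumed sample rate, Hz
FRAME = 960                            # 20 ms frame, so DFT bins sit 50 Hz apart
PROBE_HZ = range(18_000, 20_001, 250)  # band named in the article
REF_HZ = range(250, 4_001, 250)        # assumed audible reference band

def goertzel_power(frame, freq):
    """Squared DFT magnitude of `frame` at `freq` (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def band_ratio_db(frame):
    """18-20 kHz energy relative to the audible reference band, in dB."""
    hi = sum(goertzel_power(frame, f) for f in PROBE_HZ)
    lo = sum(goertzel_power(frame, f) for f in REF_HZ)
    # Unequal floors keep a silent frame at -60 dB instead of 0 dB.
    return 10.0 * math.log10((hi + 1e-12) / (lo + 1e-6))

def flagged_fraction(samples, threshold_db=-40.0):
    """Share of frames whose near-ultrasonic content exceeds the threshold.

    The threshold is an assumed value; tune it against known-clean audio.
    """
    starts = range(0, len(samples) - FRAME + 1, FRAME)
    hits = sum(band_ratio_db(samples[i:i + FRAME]) > threshold_db for i in starts)
    return hits / len(starts)

def tone(freq, amp, n):
    return [amp * math.sin(2.0 * math.pi * freq * i / RATE) for i in range(n)]

# Constructed test signals: a 500 Hz tone stands in for the masking song, and a
# faint 19 kHz tone gated on in every other frame stands in for the pulses.
N = FRAME * 20
MUSIC = tone(500, 0.5, N)
PULSES = [p if (i // FRAME) % 2 == 0 else 0.0
          for i, p in enumerate(tone(19_000, 0.02, N))]
MIXED = [m + p for m, p in zip(MUSIC, PULSES)]

if __name__ == "__main__":
    print("clean audio :", flagged_fraction(MUSIC))
    print("with pulses :", flagged_fraction(MIXED))
```

Real music carries some energy above 18 kHz, so a repeating on/off pattern across frames is a stronger signal than any single frame crossing the threshold.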

In the case of a phone or tablet, if any movement was detected, a remotely-located attacker could then be notified by the device itself.

Additionally, even if not installed on someone's own device as malware, the system can also work through thin interior walls – although its range is reduced. This means that conceivably, an attacker could crank the volume on a CovertBand-running smart TV in one apartment, to monitor the movements of another person in an adjacent apartment.

The screen shows the signatures of arm waving, as detected by CovertBand (Credit: Dennis Wise/University of Washington)

Although the technology is currently only able to identify fairly basic, repetitive movements, it is believed that with the application of machine learning systems, it could soon be able to identify many more.

"We always want to stay one step ahead of the bad guys — of attackers who are trying to collect this information about users," says Prof. Tadayoshi Kohno, co-author of a paper on the study. "We're providing education about what is possible and what capabilities the general public might not know about, so that people can be aware and can build defences against this."


