Audio & security

From: Yoav Weiss <yoav@yoav.ws>
Date: Fri, 9 Aug 2013 23:31:00 +0200
Message-ID: <CACj=BEjOK-eoqTYiZBjhAaRH3v+f1_U8cfHd_WVAU01eXhG=Mw@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Boris Smus <boris@smus.com>

Boris Smus wrote an excellent blog post about the use of WebAudio for short
range data transmission using inaudible audio (
http://smus.com/ultrasonic-networking/).

That got me thinking regarding the security implications of the Web Audio
API & inaudible audio in general.
I'm not really sure if & how this can be exploited. XSS can use it to send
data to the user's proximity, but it can already send it to anywhere in the
world today.
It might more likely be used to detect other users in the vicinity &
communicate with them, which can be a feature but can also be a security
issue if the user is unaware.

Is this use of inaudible audio worth considering in terms of its security?
Is it something that we want to require the user's permission for? Maybe a
warning/indicator? Or am I just being paranoid?

Yoav
Received on Friday, 9 August 2013 21:31:28 UTC