What If: Tracking By Inaudibility

2026, July 12    

For anyone who has taken a laptop into a conference room recently, you may have noticed how video conferencing solutions are able to identify the room you are in / get you on the big screen (without any Bluetooth devices showing / any entering of pairing codes). You may have also encountered this when using a popular mobile app to identify a track playing in the background, only to question how it identified the song in a fraction of a second.

The technology behind this isn't new... In simple terms, there is a separate stream of data playing at the same time, at a frequency we can't hear. Your computer / mobile device is capable of hearing frequencies outside of our hearing range, and knows where to listen for the extra data. From a convenience perspective this is great, as it simplifies many tasks that would otherwise take more time / be tedious. With that said, this technology can also be used in other (bad) ways.

A recent example of this was in 2023, when a team of university researchers proved that covert attacks on smart devices could take place via inaudible frequencies (see here). They were able to pass malicious commands (that a user would be unaware of) to common home devices that listen for your commands, which depending on the situation could have a range of consequences. Protection was later added to help prevent these types of attacks (typically by filtering any incoming recognition to only audible frequencies), however, what if the goal of this shifted into something more covert?

There has been plenty of news coverage as of late regarding Smart TVs that track your viewing behaviour by capturing the content of your screen periodically and sending it to the manufacturer / 3rd parties for processing / content identification. This in itself is a serious concern, but what if the tracking was more prevalent?

Imagine if the music you listened to around your home / your office, contained the same embedded inaudible data stream as before, but this time had user tracking information in. A continuous hidden stream within your audio that contains details of who you are / where you are (thanks to live stream processing on a per-user basis, and geolocation) / any other information to be included. This information could be detected by smart devices in under a second, especially by those with a vague security / data protection policies.

This can be taken a step further, as a means of covert user tracking to identify those who engage in media piracy. Your pirated media could contain identifying properties in inaudible form, designed to be detected by in-home devices and subsequently reported to the authorities. With the increase in surveillance in multiple countries, how long will it be before continuous audio surveillance becomes opt-out versus opt-in? As with the usual shock a user goes through when asking a smart device not to listen for voice prompts (only to realise that it still is, it just doesn't action them), whose to say it couldn't also be configured to listen for extra data (if it isn't already).

For some scenarios the solution is to have devices that don't attempt to reproduce sounds outside of the human hearing range (if they are even advertised), though even this isn't a perfect solution as perceived glitches in the audio could actually be hidden data in the audible range (using Steganography as its method). For those obtaining their media from questionable sources, adding a low pass filter (LPF) into your processing pipeline to remove inaudible frequencies is probably wise.