Smart devices and appliances are becoming increasingly prevalent, but as a consequence of adding these connected devices such as smart TVs, phones, and hubs like the Amazon Echo to our homes, there are an increased number of connected speakers and microphones with access to our private environment. In this work, we show that in the case of microphones and speakers there are privacy leaks possible with today's off-the-shelf devices that go beyond the ability to simply record conversations in the home.

We create CovertBand which transforms commodity devices with microphones and speakers into active sonar systems to simultaneously track multiple users through barriers like walls, doors and windows. In addition to tracking, it can also distinguish linear and rhythmic class of motions. CovertBand expertly conceals this attack by hiding the high frequency sonar pulses within the beats of popular songs making it indistinguishable. This means that the attacker can implement the attack even remotely by using music apps that play the modified versions of popular songs.