Skip to content
Naked Security Naked Security

Researchers hide data in music – and human ears can’t detect it

It's now possible to secretly transfer data inside music without turning it into unlistenable mush.

Researchers have developed a way for data to be secretly transferred inside a music track at a usable rate without turning it into unlistenable mush.

While using sound waves as a data carrier is not new, applying the principle to music has always been a challenge because even small distortions made when adding data will be noticed by the human ear.

If one could overcome this, music would make a good medium for data transfer because it can easily be picked up by the microphones used by smartphones and computers without annoying people by blasting unstructured sound at them.

How does it work?

The technique outlined by Manuel Eichelberger and Simon Tanner of ETH Zurich uses orthogonal frequency-division multiplexing (OFDM) to add data to the musical frequencies humans are less likely to notice whilst avoiding the ones they are sensitive to.

It sounds easy enough in principle but applying it to music tracks with individual harmonic compositions across different genres quickly becomes a highly technical challenge.

Then there’s the problem of being able to transfer enough data at a given distance to make the whole idea worthwhile.

After conducting experiments, the researchers found it was possible to achieve data rates of 300 to 400 bits per second (bps) over distances of up to 24 metres, with a 10% error rate, without affecting the original music when played to a test group of 40 people.

When a modified tune is played back by a speaker, a person listening to it cannot notice any degradation in sound quality but still, a smartphone is able to read out the information carried by the song.

What could you do with it?

Although a low data rate by modern radio frequency standards, the pair reckon this is still sufficient for basic applications, which brings us to the critical question of what such a data-in-music technology might be used for.

Their answer seems to make the everyday movement of small chunks of data such as security keys less of a manual chore. For example:

That would be handy in a hotel room, since guests would get access to the hotel Wi-Fi without having to enter a password on their device.

Granted, encoding useful data in music at bit rates and ranges not yet matched by other researchers is impressive, but to some this will sound like a solution looking for an application.

If something as compact as a Wi-Fi key could be transferred using sound waves, why not do that using a short blast of sound or simple sequence of musical notes?

Inevitably, using music creates the inherent problem of distortion while using sound at all depends on making assumptions about background noise.

Readers can judge for themselves by comparing the original track to the one with data added.

On a related note (pardon the pun), in 2015 another set of researchers from ETH Zurich suggested that comparing ambient sounds picked up by a smartphone and a PC to confirm they are in the same vicinity could be used for two-factor authentication.


Drat–thanks a LOT John–there goes my entire plan!

I’ve spent weeks encoding all my recorded tracks with “buy this song ten times, tell your friends,” and you blow the lid off the case. Maybe sharks with laser beams…

Interesting article. Clearly a difference between the tracks, albeit I’d never suspect it had a steganographic nature. Sounds like either a poorly-recorded (low bit rate?) track or an inexplicable phaser effect at the mastering stage.

In a live music setting like a cafe or club it’d be less noticeable.

Next 007 film will feature this method of delivering intel.


If I modified a known “tape” recording in this way, would it’s existence stick out like a sore thumb when someone analysed the track? If not, then yet another vehicle for the steganographers. Now border security will have to confiscate your cassets.


Another possible usage would be to embed meta data in a song. Apart from providing information about the song, this type of metadata will be more difficult to remove and can be used as another protection against piracy.


It was possible three years ago, shown in this YouTube video posted February 2016:


It sounds like a new tracking tool – embed ad or other desired data tags to background music and dupe an unsuspecting person into loading a rogue app on a smartphone. Then, combined with geo-location data, you have a public equivalent of ultrasonic ad tracking codes transmitted on TV audio being picked up by smart phone spyware.


A more insidious use for hidden data in an audio file is for DRM.

A DRM standards compliant audio player will modify the audio to add a message with it’s serial number as it plays each track. If the user makes an analogue recording and shares it online, or even to too large an audience offline (eg in a bar that did not buy the correct public entertainment licence from the rights holder), then the original device and owner can be traced and sued.


I had heard last year that the FBI has put sounds in illegal media files to locate those that view them. Now their statement makes more sense. Listening for sound signatures same as an AV signature. They implied it was MS default AV that did the detection, but now I wonder if the voice assist services are part of this. Wilbur and David point out other uses. I wonder how criminals will make use of this, because it’s a sure thing they will.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!