A song plays in a crowded supermarket. To some people, this is just background Muzak, stuff their cerebral cortex is barely processing as they focus on what they want to buy for dinner. But others can whip out their smartphones and discover that embedded in the music is information, maybe a wifi password or a website URL, or an alert that there’s a sale on apples in aisle three.
That scenario is the vision Simon Tanner and Manuel Eichelberger, two Ph.D students from the Swiss Federal Institute of Technology in Zurich who spent six months creating a new method of sending data from one place to another—hiding it in music in a way that is imperceptible to the human ear.
“The whole idea is basically that we can transmit data locally without any setup,” Tanner, who is studying electrical engineering and information technology, told The Daily Beast. “We don’t have to type any passwords or pair devices or anything like that. We just have speakers that can broadcast data along with a song and anyone in range could access it.”
“Transferring data through music has been around for 20 years,” says Georg Essl, a research professor at the University of Wisconsin-Milwaukee who was not involved in the study. “But transferring data with over-ear transmission—this is more new.”
What he means is that when you download a song online, it likely has data already embedded in it. If you were to download Katy Perry’s new summer hit “Never Really Over,” it would come with embedded metadata identifying the artist and the release date and a watermark to enforce copyright. (Most people can’t hear the watermarks unless they’re looking for them. Here’s a watermark audio listening quiz if you want to test your listening abilities.) But unlike Tanner’s project, that data isn’t transmitted over airwaves and it’s intended to stay hidden in audio files.
Tanner’s project is a new form of audio steganography, the official name for the field of secretly embedding data in a piece of audio. “We try to hide the data from the human ear, but any device could decode it,” he said. “We don't want to actually hide the data from the receiver.”
Here’s how it’s done: Tanner fires up Spotify on his computer and picks a song, such as Scorpions’ “Can’t Live Without You,” one of the songs he experimented with for the study. The song is blasted through a regular pair of speakers and a virtual output computer program takes the music and inserts the data as the song plays, after the computer has identified where it wants to place the data.
They discovered not all music is created equal when it comes to data. It’s easier to hide it on songs with more distracting loud notes, like Queen’s “And The Show Must Go On” and Van Halen’s “And The Cradle Will Rock.”
“We tried many musical genres,” he said, “and the best songs were constantly loud, over many frequencies. So rock and pop, those worked quite well.”
If data wasn’t hidden and was just dumped into a song, depending on how it got embedded, it might sound like random static or a series of unpleasant beeps, which is no way to listen to Van Halen. But Tanner’s program looks at very small portions of the song, about five segments per second, and analyzes which tones are most dominant. Then data is added to the dominant tones a bit above and a bit below the frequencies. Because the data is now masked in the dominant tones, the song doesn’t sound different to the human ear, but it does to a microphone.
The data is transferred in about 400 bits per second. Accounting for error correction, and assuming some bits will be wrong, that leaves 200 bits, which is about 25 letters or characters, which could the length of a wifi password, a website URL or a short message.
“Some of the best uses for this would be in places where there is always music playing,” said Tanner, mentioning department stores, hotel lobbies or transportation hubs. Background music at a hotel could contain passwords for the local Wi-Fi network, which would be received by the built-in microphone of a smartphone and decoded with the use of a downloadable app, which is not yet available to the public, giving guests access without having to enter a password.
Another possible use for this technology is spying, says A. Brinton Cooper III, an Associate Research Professor in Johns Hopkins’ Department of Electrical and Computer Engineering, who wasn’t involved in the study. The tech could be used to distribute encryption keys to a set of people in the same area, like a shopping mall or airport.
“This could support covert information gathering or to coordinate a multi-point terrorist attack,” Cooper wrote in an email. “Such short codes are not very secure, as they can be cracked quickly by a cloud computer, but for short-term, unexpected, quick-reaction operation, they could be useful.”
As the research continues to mature, Brint says, the amount of data that can be stuffed into a Metallica song will likely expand from 400 bits, or 25 characters, to 1120 bits, which is the length of a standard text message.
But this will never be a system for mass data transfer. For one thing, the more data you put into a song, the more noticeable it comes and the more difficult it is to hide. And this system of placing data in music isn’t quicker than current data transfer systems. The average internet connection works a lot faster than 10 kilobits a second, which is the frequency normal microphones can receive. And even though a song might be the last place people would look for encoded data, it isn’t the most secure system. Anyone in the room with a decoder could receive the data with the app.
“It might be slightly more secure than sending someone a wifi password and having that written down,” says Tanner, “but really anyone can receive this transmission.”
Essl agrees with Tanner that this tech could have a wide application. “It would be very cheap because every smartphone, even an old one, has a microphone and a loudspeaker,” Essl says. “So the infrastructure, in some sense, is there. The hardware is already in our hands. It’s just a question of creating a way to access it.”