Acoustic & vibrational threat defense

Security for the things you can't hear.

Your network monitoring, your EDR, your firewall — all of them are deaf. Data can leave an air-gapped machine as speaker tones, fan noise, or surface vibration, and slip past every defense you own. CovertWave listens to the channel nobody is watching: it detects, decodes, and disrupts covert acoustic data exchange.

Request a briefing See the live demo ↓

Sub-audible<20 Hz
Surface vibration channels (AiR-ViBeR)

Audible20 Hz–18 kHz
ggwave / GibberLink, fan & HDD noise

Near-ultrasonic18–20 kHz
Tracking beacons (SilverPush)

Ultrasonic>20 kHz
Air-gap exfiltration, gyroscope channels

The blind spot

A decade of research, zero coverage in your stack.

These aren't hypotheticals. Each one is a published, demonstrated technique for moving data through sound or vibration — past the air gap that "secure" facilities rely on.

Exfiltration

Speakerless leaks

Fansmitter and DiskFiltration (Guri et al.) move data off air-gapped machines using fan and hard-drive noise — no speakers required. ~3–15 bits/sec, meters away.

Mic-less receivers

Gyroscope channels

GAIROSCOPE leaks data to a phone with no microphone access, by resonating its MEMS gyroscope with ultrasonic tones. The "safe" sensor isn't safe.

Vibration

The desk is the wire

AiR-ViBeR encodes data into surface vibrations a machine induces in the table it sits on — read by a nearby phone's accelerometer. Your instinct about vibration was right.

Tracking

Inaudible beacons

SilverPush-style ultrasonic beacons tracked 18M+ devices and drew FTC enforcement. The same physics can de-anonymize a Tor user through their phone's mic.

AI-to-AI

Machine-native audio

GibberLink showed agents dropping human speech for ggwave tones mid-call. As voice agents proliferate, audio channels carry data no human or auditor can read.

The gap

No acoustic SIEM

Existing defenses (SoniControl, SilverDog) are narrow research prototypes — ultrasonic-only, mobile-only. No enterprise platform detects, decodes, logs, and responds. That's the space to own.

How it works

Listen. Decode. Decide.

An acoustic sensor and analysis pipeline that treats sound as a monitored medium — the way your network stack treats packets.

Capture. Calibrated wide-band microphones (and accelerometers for vibration) sample the room continuously, sub-audible through ultrasonic.
Detect. An ML classifier separates covert signaling from speech, music, and HVAC noise — tuned for low false positives, the metric that actually matters.
Decode. Flagged segments run against a bank of protocol decoders (ggwave variants and more), extracting payloads where possible.
Fingerprint. Unknown signals are clustered into families, building a shared acoustic threat-intelligence library across deployments.
Respond. Alert, log to your SIEM, or actively deny — targeted band-limited masking that neutralizes the channel without flooding the room.
Govern. Every detection is logged with a plain-language summary, so an auditor can review machine-native audio they could never have heard.

Design tension

Disruption vs. detection

You asked the sharp question: if we jam the channel, what happens to detection? Jamming raises the room's noise floor — which masks the covert signal but also blinds your own decoder. You can't read what you're drowning out.

The answer is sequencing: detect passively first, characterize the exact band and timing, then apply reactive, narrow-band denial only on that signature. A "honeypot" mode goes further — let the channel run, but feed it controlled false data and watch who's listening.

Live demo · runs entirely in your browser

Visitor Signal — transparency as a product.

An anti-surveillance company has to track visitors the honest way. So here's ours, turned inside out: with your consent, this panel reads the signals your browser already broadcasts to every website and shows them back to you. Nothing leaves your device on this page. On a live deployment, only the fields you allow would be logged to our own server — never sold, never fingerprinted.

VISITOR SIGNAL // SESSION

collection paused

on-device only consent-gated no fingerprinting no third parties

Note: a real site needs a small server to count and compare visitors over time — a single page can only see the person currently on it. The accompanying analytics-worker.js file does that aggregation the privacy-first way (hashed, no raw IPs stored, honors Do-Not-Track).

Design partners

Run a 30-day acoustic assessment.

We're partnering with a small number of facilities — defense, critical infrastructure, R&D labs, and secure boardrooms — to baseline their acoustic exposure. You get a forensic report; we get ground truth. Central Florida's defense and simulation cluster is our first beachhead.

Start the conversation