sponsors
usenix conference policies
Inaudible Sound as a Covert Channel in Mobile Devices
Luke Deshotels, North Carolina State University
Mobile devices can be protected by a variety of information flow control systems. These systems can prevent Trojans from leaking secrets over network connections. As mobile devices become more secure, attackers will begin to use unconventional methods for exfiltrating data.
We propose two sound-based covert channels, ultrasonic and isolated sound. Speakers on mobile devices can produce frequencies too high for most humans to hear. This ultrasonic sound can be received by a microphone on the same device or on another device. We implemented an ultrasonic modem for Android and found that it could send signals up to 100 feet away. We also determined that this attack is practical with the transmitter inside of a pocket. Android devices with vibrators can produce short vibrations which create isolated sound. These vibrations can be detected by the accelerometer, but they are not loud enough for humans to hear. If performed while the user is not holding the device, the vibrations will not be noticed.
Both covert channels can stealthily bypass many information flow control mechanisms. We propose several simple solutions to these vulnerabilities. In order to guarantee information flow control, sound-based channels must be regulated.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Luke Deshotels},
title = {Inaudible Sound as a Covert Channel in Mobile Devices},
booktitle = {8th USENIX Workshop on Offensive Technologies (WOOT 14)},
year = {2014},
address = {San Diego, CA},
url = {https://www.usenix.org/conference/woot14/workshop-program/presentation/deshotels},
publisher = {USENIX Association},
month = aug
}
connect with us