• Corpus ID: 1657916

Inaudible Sound as a Covert Channel in Mobile Devices

@inproceedings{Deshotels2014InaudibleSA,
  title={Inaudible Sound as a Covert Channel in Mobile Devices},
  author={Luke Deshotels},
  booktitle={Workshop on Offensive Technologies},
  year={2014}
}
  • Luke Deshotels
  • Published in
    Workshop on Offensive…
     19 August 2014
  • Computer Science
Mobile devices can be protected by a variety of information flow control systems. These systems can prevent Trojans from leaking secrets over network connections. As mobile devices become more secure, attackers will begin to use unconventional methods for exfiltrating data. We propose two sound-based covert channels, ultrasonic and isolated sound. Speakers on mobile devices can produce frequencies too high for most humans to hear. This ultrasonic sound can be received by a microphone on the… 
View Paper
usenix.org
110 Citations
Highly Influential Citations
7
Background Citations
61
Methods Citations
14
Results Citations
1

Figures from this paper

110 Citations

NICScatter: Backscatter as a Covert Channel in Mobile Devices

A covert channel threat on existing mobile systems that allows the malware to stealthily pass sensitive data to an attacker's nearby mobile device, which can then decode the signal and thus effectively gather the guarded data.

NICSca er: Backsca er as a Covert Channel in Mobile Devices

A covert channel threat on existing mobile systems is discussed, which allows the malware to stealthily pass sensitive data to an attacker’s nearby mobile device, which can then decode the signal and thus gather the guarded data.

Privacy Breach in Android Smartphone Through Inaudible Sound

A dynamic vocabulary selection strategy to facilitate faster data transmission in ultrasonic side-channel attacks and a novel piecewise linear amplitude reduction technique that helps the system to achieve a higher bit-rate and higher amplitude for a long time are proposed.

Exfiltrating data from air-gapped computers via ViBrAtIoNs

Zero-permission acoustic cross-device tracking

A novel approach to acoustic cross-device tracking is introduced, which does not require microphone access, but instead exploits the susceptibility of MEMS gyroscopes to acoustic vibrations at specific (ultrasonic) frequencies.

Using Inaudible Audio and Voice Assistants to Transmit Sensitive Data over Telephony

The results show that voice assistants in the vicinity of computers can pose new threats to data stored on such computers, which are not addressed by traditional host and network defenses.

GAIROSCOPE: Injecting Data from Air-Gapped Computers to Nearby Gyroscopes

The experiments show that attackers can exfiltrate sensitive information from air-gapped computers to smartphones located a few meters away via Speakers-to-Gyroscope covert channel via GAIROSCOPE, an ultrasonic covert channel that doesn’t require a microphone on the receiving side.

Privacy Threats through Ultrasonic Side Channels on Mobile Devices

The capabilities, the current prevalence and technical limitations of this new tracking technique based on three commercial tracking solutions are explored, and detection approaches for ultrasonic beacons and Android applications capable of processing these are developed.

POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers

The developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker with limited capabilities, and the POWER-SUPPLaY code can operate from an ordinary user-mode process and doesn't need any hardware access or special privileges.

BAT: real-time inaudible sound capture with smartphones

BAT, a novel real-time bidirectional communication system using inaudible frequencies that enables unobtrusive speaker-microphone data communication without affecting the primary audio-hearing experience of users is proposed.
...

References

SHOWING 1-10 OF 18 REFERENCES

Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones

This work presents Soundcomber, a Trojan with few and innocuous permissions, that can extract a small amount of targeted private information from the audio sensor of the phone, and performs efficient, stealthy local extraction, thereby greatly reducing the communication cost for delivering stolen data.

PlaceRaider: Virtual Theft in Physical Spaces with Smartphones

As smartphones become more pervasive, they are increasingly targeted by malware. At the same time, each new generation of smartphone features increasingly powerful onboard sensor suites. A new strain

Examining the characteristics and implications of sensor side channels

The ultimate goal of this work is to illustrate the need for intrusion detection systems (IDSs) that not only monitor the RF channel, but also monitor the values returned by the sensory components.

Tapprints: your finger taps have fingerprints

The location of screen taps on modern smartphones and tablets can be identified from accelerometer and gyroscope readings, and TapPrints, a framework for inferring the location of taps on mobile device touch-screens using motion sensor data combined with machine learning analysis is presented.

On Covert Acoustical Mesh Networks in Air

It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustICAL communications are usually not considered.

Mitigating Android Software Misuse Before It Happens

The Kirin security framework is developed to enforce policy that transcends applications, called policy invariants, and provides an “at installation” self-certification process to ensure only policy compliant applications will be installed.

ASM: A Programmable Interface for Extending Android Security

The Android Security Modules (ASM) framework is proposed, which provides a programmable interface for defining new reference monitors for Android and envision ASM enabling in-the-field security enhancement of Android devices without requiring root access, a significant limitation of existing bring-your-own-device solutions.

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones

Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, this work found 68 instances of misappropriation of users' location and device identification information across 20 applications.

Preventing accidental data disclosure in modern operating systems

In Aquifer, application developers define secrecy restrictions that protect the entire user interface workflow defining the user task and allows applications to retain control of data even after it is shared.

MockDroid: trading privacy for application functionality on smartphones

MockDroid allows users to revoke access to particular resources at run-time, encouraging users to consider the trade-off between functionality and the disclosure of personal information whilst they use an application.