Abstract

Mobile devices can be protected by a variety of information flow control systems. These systems can prevent Trojans from leaking secrets over network connections. As mobile devices become more secure, attackers will begin to use unconventional methods for exfiltrating data.
We propose two sound-based covert channels: ultrasonic and isolated sound. Speakers on mobile devices can produce frequencies too high for most humans to hear. This ultrasonic sound can be received by a microphone on the same device or on another device. We implemented an ultrasonic modem for Android and found that it could send signals up to 100 feet away. We also determined that this attack is practical with the transmitter inside a pocket. Android devices with vibrators can produce short vibrations that create isolated sound. These vibrations can be detected by the accelerometer, but they are not loud enough for humans to hear. If performed while the user is not holding the device, the vibrations will not be noticed.
Both covert channels can stealthily bypass many information flow control mechanisms. We propose several simple solutions to these vulnerabilities. In order to guarantee information flow control, sound-based channels must be regulated.
