The primary network that smartphones are connected to is the cellular network; however, very little effort has been put in to find out the possible security issues that could endanger this network and its end users. A new possible threat that could occur in the cellular network is introduced in this research. The research analyzes the ability to use the cellular network voice channel to leak information from the smartphones applications. It studies the ability to employ the cellular voice channel to be a possible medium of information leakage to convey modulated speech-like data covertly. A demonstration shown by a research group at the Rochester Institute of Technology (RIT) showed how one could create a covert data channel by using a smartphone’s cellular voice channel. To validate the theory, an Android software audio modem was developed that is able to convert the digital data into audio waves and administer the audio waves to the GSM channel. It was found out that the data was successfully leaked through the cellular voice channel by carrying modulated data with an output of 13 bps with 0.018% BER. Moreover, a user-mode rootkit was implemented to open the voice channels by secretly answering an incoming voice call, thus breaking the Android security policies. Various scenarios were created in order to find out the effectiveness of the proposed covert channel. This study indicates a new potential smartphone covert channel, and talks about some security susceptibilities in Android OS that allows the use of this channel clearly indicating the need to set countermeasures against breaking the network policies.
