Over the past few years there has been an increase in the use of sound as a communications channel for device-to-device communications. This practice has been termed Data-Over-Sound (DOS) and has been billed as a cheap and easy to use alternative to traditional communications protocols such as Wi-Fi and Bluetooth. As this is a relatively new technology, it is lacking any kind of standardisation, while different manufacturers and companies offer competing technologies with different implementations and varying levels of security. This means that as this technology gains more momentum there are likely to be a number of security questions raised and assurances sought.
Of particular interest is the use of Ultrasound (20kHz+) or Near-Ultrasound (16kHz-20kHz) for the purpose of device to device communications. These frequencies are outside the hearing range of most adults and so ultrasound or near ultrasound can be used as a covert communications channel. Manufacturers and developers favour these frequencies due to improved noise resilience and bandwidth in comparison to audible frequencies. As a result, the majority of DOS technologies and use cases use these frequency ranges. This paper examines the use of Ultrasound and Near Ultrasound as a communications channel and evaluates potential security issues within them.