http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/
By Dan Goodin
Ars Technica
Dec 2 2013
Computer scientists have developed a malware prototype that uses inaudible
audio signals to communicate, a capability that allows the malware to
covertly transmit keystrokes and other sensitive data even when infected
machines have no network connection.
The proof-of-concept software—or malicious trojans that adopt the same
high-frequency communication methods—could prove especially adept in
penetrating highly sensitive environments that routinely place an "air
gap" between computers and the outside world. Using nothing more than the
built-in microphones and speakers of standard computers, the researchers
were able to transmit passwords and other small amounts of data from
distances of almost 65 feet. The software can transfer data at much
greater distances by employing an acoustical mesh network made up of
attacker-controlled devices that repeat the audio signals.
The researchers, from Germany's Fraunhofer Institute for Communication,
Information Processing, and Ergonomics, recently disclosed their findings
in a paper published in the Journal of Communications. It came a few weeks
after a security researcher said his computers were infected with a
mysterious piece of malware that used high-frequency transmissions to jump
air gaps. The new research neither confirms nor disproves Dragos Ruiu's
claims of the so-called badBIOS infections, but it does show that
high-frequency networking is easily within the grasp of today's malware.
"In our article, we describe how the complete concept of air gaps can be
considered obsolete as commonly available laptops can communicate over
their internal speakers and microphones and even form a covert acoustical
mesh network," one of the authors, Michael Hanspach, wrote in an e-mail.
"Over this covert network, information can travel over multiple hops of
infected nodes, connecting completely isolated computing systems and
networks (e.g. the internet) to each other. We also propose some
countermeasures against participation in a covert network."
[...]
--
Dean Bushmiller teaches a great 5-Day CISM in Albany NY Dec. 2 6.
Call 327-937-9786 for details.
