Researchers create malware that communicates via silent sound, no network needed

[Nytro]

Researchers create malware that communicates via silent sound, no network needed

Brad Chacos @BradChacos

When security researcher Dragos Ruiu claimed malware dubbed “badBIOS” allowed infected machines to communicate using sound waves alone—no network connection needed—people said he was crazy. New research from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics suggests he’s all too sane.

As outlined in the Journal of Communications (PDF) and first spotted by ArsTechnica, the proof-of-concept malware prototype from Michael Hanspach and Michael Goetz can transmit information between computers using high-frequency sound waves inaudible to the human ear. The duo successfully sent passwords and more between non-networked Lenovo T400 laptops via the notebooks’ built-in microphones and speakers. Freaky-deaky!

The infected victim sends all recorded keystrokes to the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network till the attacker is reached.

The most successful method was based on software developed for underwater communications. The laptops could communicate a full 65 feet apart from each other, and the researchers say the range could be extended by chaining devices together in an audio “mesh” network, similar to the way Wi-Fi repeaters work.

While the research doesn’t prove Ruiu’s badBIOS claims, it does show that the so-called “air gap” defense—that is, leaving computers with critical information disconnected from any networks—could still be vulnerable to dedicated attackers, if attackers are first able to infect the PC with audio mesh-enabled malware.

Sending data via sound

Transmitting data via sound waves has one glaring drawback, however: It’s slow. Terribly slow. Hanspach and Goetz’s malware topped out at a sluggish 20 bits-per-second transfer rate, but that was still fast enough to transmit keystrokes, passwords, PGP encryption keys, and other small bursts of information.

“We use the keylogging software logkeys for our experiment,” they wrote. “The infected victim sends all recorded keystrokes to the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network till the attacker is reached, who is now able to read the current keyboard input of the infected victim from a distant place.”

In another test, the researchers used sound waves to send keystroke information to a network-connected computer, which then sent the information to the “attacker” via email.

Now for the good news: This advanced proof-of-concept prototype isn’t likely to work its way into everyday malware anytime soon, especially since badware that communicates via normal Net means should be all that’s needed to infect the PCs of most users. Nevertheless, it’s ominous to see the last-line “air gap” defense fall prey to attack—especially in an age of state-sponsored malware run rampant.

Lead microphone image: visual.dichotomy via Flickr/Creative Commons

Sursa: Researchers create malware that communicates via silent sound, no network needed | PCWorld

[Guest Kovalski]

Nici nu vreau sa-mi imaginez o astfel de infrastructura in wild.

Doar ca fapt divers.

Masina infectata cu Andromeda ce comunica via sound, sau mai rau, cu ceva banking shit, KINS/DEXTER/Alina/Carberp

Pentru binele tuturor sper ca asa ceva sa nu ajunga public, chiar daca ideea a fost deja "scapata" si avem destui baieti inteligenti care sa poata creea un astfel de system.

[shaggi]

E util pentru malware-urile pe telefoanele mobile.. ca doar nu or fi 3 PC-uri per 10mp ca sa se transmita