Jump to content
Silviu

Malware that transfers stolen data using Inaudible Audio signals

Recommended Posts

Posted

If you think that a computer which is not connected to a network, doesn't have any USB sticks attached to it and doesn’t accept any kind of electronic connection requests are reasonably safe against hackers and from all the malware, then you are Wrong.

Here we have something shocking update that Some German Scientists have developed a proof of concept Malware prototype, could allow a hacker to infect your computers and other digital devices just using Inaudible Audio signals.

The ability to bridge an air gap could be a potent infection vector. Just imagine, a cyber attack using high-frequency sound waves to infect machines, where stolen data also can be transferred back to attacker without a network connection, Sounds very terrifying ?

When a few weeks ago, a security researcher Dragos Ruiu claimed malware dubbed badBIOS allowed infected machines to communicate using sound waves alone, means that the devices are physically disconnected from any networks, including the internet, people said he was crazy.

Malware+that+transfers+stolen+data+using+Inaudible+Audio+signals.png

But Now German Researchers have published a paper on how malware can be designed to cross the air gap by transmitting information through speakers and recording it via microphone.

Rather than relying on TCP-IP, they used a network stack originally developed for underwater communication and the signal was propagated through the use of a software-defined modem based on the GNU Radio project.

In a scenario based hacking, “The infected victim sends all recorded keystrokes to the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network till the attacker is reached, who is now able to read the current keyboard input of the infected victim from a distant place.” paper explained.

Malware+that+transfers+stolen+data+using+Inaudible+Audio+signals.png

In another scenario, the researchers used sound waves to send keystroke information to a network-connected computer, which then sent the information to the attacker via email.

While the research doesn’t prove Dragos Ruiu’s badBIOS claims, but it does show that even if the system is disconnected from any network, could still be vulnerable to attackers. However, I would like to appreciate Dragos dedication about badBIOS research because this extraordinary concept was first introduced by him only.

Researchers POC Malware is able to transfer data at 20 bits per second only, which is very low, but that's still capable of transferring your password or credit card number to the hacker in a few seconds.

Some basic countermeasures one can adopt to protect against such malware are:

*Switching off the audio input and output devices from the system.

*Employ audio filtering that blocks high-frequency ranges.

*Using an Audio Intrusion Detection Guard.

Sursa: thehackernews.com

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...