Malware That’s Transmitted Through Sound

At some point, we have all had the displeasure of dealing with malware, which can be a headache to remedy. Malware (short for malicious software), is designed to gain access to private PCs, acquire sensitive material (passwords, account numbers, etc.), and generally disrupt normal computer functions. It is normally installed covertly by opening suspicious email attachments, visiting dubious websites, or directly through software downloads.

Suffice it to say, the dastardly software was acquired through online-connected PCs or mobile devices before it wreaked havoc and made us insane. As scary as it may sound, malware can now be transmitted wirelessly through inaudible sound, thanks to some scientists from the Fraunhofer Institute for Communication, Information Processing and Ergonomics.

Actually, the scientists created proof-of-concept software and it isn't actually in use. The acoustical malware is capable of transmitting itself using a PC's built-in microphone and speakers, which the scientists used to send small amounts of data and passwords to other test machines at distances of about 65 feet. No Internet connection or WiFi was used to accomplish this feat and the PC's supposedly safe air gap (physically isolated from networks) security measure was successfully circumvented.

The science team states in a recently released paper that data transfer can happen at greater distances using a network mesh of signal devices to relay the malicious code. Several methods of deployment were developed to send the inaudible data (using two Lenovo T400 laptops), with one using tech that was designed to acoustically transmit data underwater. This technique uses an ACS (Adaptive Communication System) modem, which was able to transmit small (20kb) amounts of data at a distance of 64 feet.

The scientists designed their NFC (Near-Field Communications) malware delivery system using a special algorithm that is able to hop different frequencies and install small amounts of data, not only to secure air gap networks, but to wireless mesh networks, as well. The potential damage that their acoustic malware can cause is significant, so much so that hardened federal agency and military networks can no longer be considered safe against malicious attacks. However, the scientists have divulged several counter measures that can be put into place to nullify acoustical intrusions, with one being simply to shut off the PCs audio input/output devices. Another method is to install audio filters that are capable of blocking certain high frequency ranges that are used to transmit covert data.

Should we worry about our systems becoming hacked and key-logged in the near future? Yes and no, as only 20kb of data can currently be transmitted or received at only at short distances, making it wholly inefficient in infecting long-range systems (100 ft to 200 ft). On the other hand, the proof-of-concept is there and if it hasn't been field tested yet, you can bet on it being done very soon and you can bet on hackers gaining access to the algorithm.

Related posts: