Researchers create proof-of-concept software to show how computers without network connections can communicate via built-in speakers and microphones.
Computer scientists have developed malware capable of establishing communications between devices that don’t have active network connections, threatening the reliability of the “air gap” frequently used to protect information.
Using the built-in microphones and speakers found on PCs, the lab-created prototype malware that uses inaudible audio signals to transmit small amounts of data over covert channels at distances of nearly 65 feet. The distance can be increased by creating a network of devices that repeat the signals.
The proof-of-concept software, detailed in the Journal of Communications, suggests that a lack of an Internet connection isn’t enough to insulate sensitive internal computer systems from the outside world. The research comes after the recent disclosure of mysterious malware that used high-frequency signals to hurdle between non-connected devices.
New zero-day bug targets IE users in drive-by attack
Microsoft finally fixes critical Internet Explorer vulnerability
New OS X Trojan found and blocked by Apple’s XProtect
Using the microphones and speakers on a pair of Lenovo T400s, the researchers adapted software originally created to facilitate robust underwater communications. Originally developed by the Research Department for Underwater Acoustics and Marine Geophysics and based on an open-source development toolkit for signal processing, the adaptive communication system modem was able to transmit data of 20 bits per second up to 19.7 meters (64.6 feet) apart. Greater distances could be achieved by forming an acoustical mesh network with the addition of nearby devices to the chain.
Despite the small transmission rates, the researchers warned that attackers could arm the malware with keyloggers to record sensitive information such as victims’ login credentials.
“The concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered,” the researchers wrote. As countermeasures, the pair propose use of a host-based intrusion detection system for analyzing audio signals and a low-pass filter that allows low-frequency signals to pass while gradually reducing the force of higher frequency signals.