Malware jumps 'air gap' between non-networked devices
Researchers create proof-of-concept software to show how standalone computers can communicate via built-in speakers and microphones.
Computer scientists have developed malware capable of establishing communications between devices that don't have active network connections. The discovery threatens the perceived protection of the "air gap" that separates standalone devices.
Using the built-in microphones and speakers found on PCs, the lab-created prototype malware uses inaudible audio signals to transmit small amounts of data over covert channels at distances of nearly 65 feet. The distance can be increased by creating a network of devices that repeat the signals.
The proof-of-concept software, detailed in the Journal of Communications, suggests that a lack of an Internet connection isn't enough to insulate sensitive internal computer systems from the outside world. The research comes after the recent disclosure of mysterious malware that used high-frequency signals to hurdle between non-networked devices.
Using the microphones and speakers on a pair of Lenovo T400s, the researchers adapted software originally created to facilitate robust underwater communications. Originally developed by the Research Department for Underwater Acoustics and Marine Geophysics and based on an open-source development toolkit for signal processing, the adaptive communication system modem was able to transmit data of 20bps up to 19.7 meters (64.6 feet) apart. Greater distances could be achieved by forming an acoustical mesh network with the addition of nearby devices to the chain.
Despite the small transmission rates, the researchers warned that attackers could arm the malware with keyloggers to record sensitive information, such as login credentials.
"The concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered," the researchers wrote.
As countermeasures, the researchers propose using a host-based intrusion detection system for analyzing audio signals and a low-pass filter that allows low-frequency signals to pass while gradually reducing the force of higher frequency signals.
[Via Ars Technica ]