Wednesday 14 March 2018

Researchers Let Malware Send Data Via Loudspeakers



Researchers at Ben-Gurion University have developed malware that can steal data from systems that are not connected to the internet via passive loudspeakers. Because of the risk of attacks, it is a lot of advice to not connect computers with confidential data to the internet.

This is also called an air gap. An offline computer can still be infected, for example via USB sticks or a malicious employee. In order to steal data from an infected offline computer, Ben-Gurion University researchers have developed various methods in the past, such as the use of speakers , air conditioning , sound from the hard disk , fans , radio waves , infrared cameras , scanners , heat emitted. , usb radiation , mobile phones , hard drive lights and router lights to return the data directly to the attacker or via an infected computer or smartphone connected to the Internet.


The researchers are now demonstrating a new method called Mosquito ( pdf ) in which "speaker-to-speaker" communication is used to steal data from a computer that is not connected to the internet. The scenario that the researchers sketch consists of a room with two computers, one of which is and one is not connected to the internet. Both computers are infected with malware and have passive speakers or headphones. The malware then exploits a feature of the audio chip that changes the connected speakers of output device into an input device (microphone).

Malware on one computer can then transmit information via the speakers and the use of ultrasonic waves that are collected by the speakers of the other computer, which have in fact become a microphone. In this way it is possible to send data at a speed of 10 - 166 bits / sec at a distance of 9 meters between the computers. If headphones are used instead of loudspeakers, a distance of 3 meters is possible.

The researchers state that in heavily guarded settings it is common to ban both active and passive loudspeakers, in order to create an air gap. Less stringent rules prohibit the use of microphones, but allow the use of "one-way" speakers. In many cases, the policy and security measures do not apply to modern headphones, which are basically non-powered and unenhanced loudspeakers. Mosquito could be effective in these situations.

To prevent such attacks, organizations can take various measures, such as prohibiting the use of speakers, headphones or earphones, using active speakers, disabling the audio codec in the bios, detecting ultrasonic transmissions, and using low-pass filters.

No comments:

Post a Comment