{"id":4139,"date":"2013-12-05T10:00:16","date_gmt":"2013-12-05T15:00:16","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=4139"},"modified":"2013-12-05T10:00:16","modified_gmt":"2013-12-05T15:00:16","slug":"researchers-create-malware-that-communicates-via-silent-sound-no-network-needed","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/12\/05\/researchers-create-malware-that-communicates-via-silent-sound-no-network-needed\/","title":{"rendered":"Researchers create malware that communicates via silent sound, no network needed"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.pcworld.com\/article\/2068525\/researchers-create-malware-that-communicates-via-sound-no-network-needed.html\"><img data-recalc-dims=\"1\" decoding=\"async\" alt=\"\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2013\/12\/microphone-100154942-gallery.jpg\" \/><\/a><\/p>\n<p>When security researcher Dragos Ruiu claimed malware dubbed \u201cbadBIOS\u201d allowed infected machines to communicate using sound waves alone\u2014no network connection needed\u2014people said he was crazy. New research from Germany\u2019s Fraunhofer Institute for Communication, Information Processing, and Ergonomics suggests he\u2019s all too sane.<\/p>\n<p>As outlined in the Journal of Communications (PDF) and first spotted by ArsTechnica, the proof-of-concept malware prototype from Michael Hanspach and Michael Goetz can transmit information between computers using high-frequency sound waves inaudible to the human ear. The duo successfully sent passwords and more between non-networked Lenovo T400 laptops via the notebooks\u2019 built-in microphones and speakers. Freaky-deaky!<\/p>\n<p>The most successful method was based on software developed for underwater communications. The laptops could communicate a full 65 feet apart from each other, and the researchers say the range could be extended by chaining devices together in an audio \u201cmesh\u201d network, similar to the way Wi-Fi repeaters work.<\/p>\n<p>While the research doesn\u2019t prove Ruiu\u2019s badBIOS claims, it does show that the so-called \u201cair gap\u201d defense\u2014that is, leaving computers with critical information disconnected from any networks\u2014could still be vulnerable to dedicated attackers, if attackers are first able to infect the PC with audio mesh-enabled malware.<\/p>\n<p style=\"text-align:center;\"><a href=\"http:\/\/www.pcworld.com\/article\/2068525\/researchers-create-malware-that-communicates-via-sound-no-network-needed.html\"><img data-recalc-dims=\"1\" decoding=\"async\" alt=\"\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2013\/12\/air-gap-keystrokes-100154940-large.png\" \/><\/a><\/p>\n<p>Transmitting data via sound waves has one glaring drawback, however: It\u2019s slow. Terribly slow. Hanspach and Goetz\u2019s malware topped out at a sluggish 20 bits-per-second transfer rate, but that was still fast enough to transmit keystrokes, passwords, PGP encryption keys, and other small bursts of information.<\/p>\n<p>\u201cWe use the keylogging software logkeys for our experiment,\u201d they wrote. \u201cThe infected victim sends all recorded keystrokes to the covert acoustical mesh network. 
Infected drones forward the keystroke information inside the covert network till the attacker is reached, who is now able to read the current keyboard input of the infected victim from a distant place.\u201d<\/p>\n<p>In another test, the researchers used sound waves to send keystroke information to a network-connected computer, which then sent the information to the \u201cattacker\u201d via email.<\/p>\n<p>Now for the good news: This advanced proof-of-concept prototype isn\u2019t likely to work its way into everyday malware anytime soon, especially since badware that communicates via normal Net means should be all that\u2019s needed to infect the PCs of most users. Nevertheless, it\u2019s ominous to see the last-line \u201cair gap\u201d defense fall prey to attack\u2014especially in an age of state-sponsored malware run rampant.<\/p>\n<p>via <a href=\"http:\/\/www.pcworld.com\/article\/2068525\/researchers-create-malware-that-communicates-via-sound-no-network-needed.html\" target=\"_blank\">Researchers create malware that communicates via silent sound, no network needed | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When security researcher Dragos Ruiu claimed malware dubbed \u201cbadBIOS\u201d allowed infected machines to communicate using sound waves alone\u2014no network connection 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9],"tags":[109,655],"class_list":["post-4139","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-audio","tag-malware"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-14L","jetpack-related-posts":[{"id":7150,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/17\/russian-malware-targets-wordpress-users-over-100000-sites-infected\/","url_meta":{"origin":4139,"position":0},"title":"Russian malware targets WordPress users, over 100,000 sites infected","author":"NCCT","date":"December 17, 2014","format":false,"excerpt":"Our blog was not affected...NCCT. A Russian malware dubbed SoakSoak has infected nearly 100,000 WordPress websites since Sunday, prompting Google to blacklist over 11,000 of those domains (the number is increasing), according to a report from cybersecurity firm Sucuri. 
The malware exploits a previously-known vulnerability in a WordPress plugin called\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6294,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/27\/research-team-creates-undetectable-malware-bound-to-legitimate-software-downloads\/","url_meta":{"origin":4139,"position":1},"title":"Research team creates undetectable malware bound to legitimate software downloads","author":"NCCT","date":"August 27, 2014","format":false,"excerpt":"Most cyber attacks from your typical home hacker, come by way of techniques used 10 years ago or more like phishing scams, poor password management, and things of that nature. But now it seems as though a research team from Germany has developed on all new strain of malware. The\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5750,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/11\/one-click-test-finds-gameover-zeus-infections-on-pcs\/","url_meta":{"origin":4139,"position":2},"title":"One-click test finds Gameover Zeus infections on PCs","author":"NCCT","date":"June 11, 2014","format":false,"excerpt":"Users can test by simply visiting a Web page if their computers have been infected with Gameover Zeus, a sophisticated online banking Trojan that law enforcement officers temporarily disrupted last week. 
The one-click test was developed by security researchers from antivirus vendor F-Secure and takes advantage of the malware\u2019s aggressive\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3106,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/05\/attackers-reported-seeding-cloud-services-with-malware\/","url_meta":{"origin":4139,"position":3},"title":"Attackers reported seeding cloud services with malware","author":"NCCT","date":"August 5, 2013","format":false,"excerpt":"LAS VEGAS -- Malware writers are ramping up their use of commercial file hosting sites and cloud services to distribute malware programs, security researchers said at this week's Black Hat conference here. Traditionally, malware writers had distributed their malicious code from their own sites. But as security vendors get better\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8923,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/17\/this-botnet-has-infected-nearly-a-million-devices-since-2014\/","url_meta":{"origin":4139,"position":4},"title":"This botnet has infected nearly a million devices since 2014","author":"NCCT","date":"May 17, 2016","format":false,"excerpt":"By Shawn Knight | TechSpot One of the many ways that cybercriminals earn income is through affiliate advertising programs like Google\u2019s AdSense. Rather than generate traffic through content creation, hackers figure out ways to trick advertising platforms into thinking a partner is sending them legitimate traffic. 
Not knowing they're being\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8453,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/07\/07\/zeusvm-malware-building-tool-leak-may-cause-botnet-surge\/","url_meta":{"origin":4139,"position":5},"title":"ZeusVM malware building tool leak may cause botnet surge","author":"NCCT","date":"July 7, 2015","format":false,"excerpt":"The Internet could see a new wave of botnets based on the ZeusVM banking Trojan after the tools needed to build and customize the malware program were published online for free. The source code for the builder and control panel of ZeusVM version 2.0.0.0 was leaked sometime in June, according\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/4139","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=4139"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/4139\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=4139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=4139"},{"taxonomy":"post_tag","embedda
ble":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=4139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}