Hacking a computer through sound waves inaudible to the human ear, which are then transmitted through the system’s speakers may sound like the setup to a James Bond movie. However, according to a pair of German researchers, it’s not just the stuff spy movies are made of.
In a study published in the November issue of the Journal of Communications, researchers Michael Hanspach and Michael Goetz of Fraunhofer Institute for Communication in Berlin described an experiment they conducted demonstrating the feasibility of a long-hypothesized technique called ‟covert acoustical networking.” The experiment showed how hackers could gain access to computer networks that would otherwise be considered impenetrable in an ingenious new way.
Using technology originally designed to transmit data underwater, Goetz and Hanspach were able to send and receive tiny packets of information between standard Lenovo laptops of the sort used by businesses around the world.
The technique does have some limitations. It can only transmit at the miniscule rate of 20 bits per second and over a span of just over 60 feet. This is far too slow to send things like audio or video files, but it is enough to enough to capture crucial pieces of information like passwords or other sensitive data recorded by key-logging software.
In order to send or receive information in this manner, a computer first needs to be infected with a specific piece of software—meaning that fears of someone hacking your computer by holding a sound-source near it are probably unfounded. Even so, it could give enterprising hackers the ability to get data off of computers that have been ‟air gapped.” This means they have been physically separated from the Internet in order to ensure security. If hackers managed to get a piece of malware onto an air gapped computer—through an infected USB stick, for example—the program could transmit from that computer’s speakers to other nearby computers that had also been infected. The signal could bounce from device to device, creating what’s called a ‟mesh network,” until it finds a computer with Internet access. From there, it could finally send information back to the hackers.
The authors go on to hypothesize other possible nefarious uses for the technology. ‟For instance, it might be possible to break two-factor authentication by extracting the authentication feedback of a hardware dongle or a smartcard,” they write. ‟This way, it might be possible to authenticate oneself to a service with the credentials of a different user who tries to authenticate himself at the very moment.”
GizMag notes similar technology has been employed to transmit the equivalent of audio QR codes.
Since this technique had never before been successfully executed, it’s unlikely systems administrators have seriously considered ways to secure against it. “It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered,” Goetz and Hanspach explained.
They do suggest some methods of defense. The simplest way would be to disconnect a computer’s speakers or microphone. However, if those features can’t be switched off, implementing audio filtering would also suffice.
While the study’s authors built this system as a simple “proof of concept,” similar viruses may already exist. Security consultant Dragos Ruiu told Ars Technica that a mysterious piece of malware dubbed badBIOS that infected his computer had, "the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge air gaps."