Researchers Create Malware That Jumps Air Gaps Using Inaudible Sound

Audio listen - Shutterstock - © Ryan Jorgensen - Jorgo

Experiment shows malware can transmit stolen data using standard microphones and speakers, but there are clear limitations

Researchers have created malware that uses inaudible audio signals to transmit stolen data without the need for an Internet connection, using standard laptop microphones and speakers.

The researchers, from the Fraunhofer Institute for Communication, Information Processing, and Ergonomics in Germany, adapted a system used for underwater communications to carry out “covert acoustical communication over the air”.

They successfully showed a method of having malware – a “multi-hop acoustical keylogger” –  transmit pilfered data over inaudible frequencies in the ultrasonic or near ultrasonic frequency range.

Audio listen - Shutterstock - © Ryan Jorgensen - JorgoMalware over the air

In an experiment involving a host of Lenovo laptops running Debian Wheezy, the researchers were also able to send stolen keystrokes to a remote email server, using a mesh network.

In their paper, they theorised that worse things could be done using this setup, such as stealing authentication credentials, encryption keys, or other vital data. Pilfering anything that would use up greater bandwidth, however, would not be possible due to the small transmission rate of approximately 20bps.

Given many critical infrastructure setups involve an air gap as a security measure, the findings may prove alarming. The beauty of the technique is that it does not initially rely on an Internet connection, although effective data exfiltration would require connectivity.

Governments would likely be interested in the project, one of the paper’s authors, Michael Hanspach, told TechWeekEurope. The Fraunhofer Institute is involved in a number of public defence projects too, some of which focus on securing systems rather than anything offensive.

“Those with the highest security precautions need to be aware of this attack pattern and have to implement countermeasures,” Hanspach added, in an email.

Limitations

There are simple precautions organisations can take. One easy way to prevent such sneaky malware transmission is to turn audio off. As the paper says, it “would be an easy solution to just disallow access to the audio hardware”. The proof of concept would largely be applicable from PC to PC, given they tend to have audio switched on the majority of the time.

Another limitation would be that the “drones” involved would need to have a compatible acoustic communication system.

Distance would be another issue, as signals would weaken the longer they travelled. The researchers were successful in a 25 metre-long corridor.

People might get in the way too. “In another test, the absorption of acoustic waves by humans, walking through the experiment setup and, therefore, blocking the line of sight between two nodes, was found to have an adverse effect on connectivity,” the paper read.

The idea of malicious types transmitting data over audio frequencies has been getting much attention of late, since security expert Dragos Ruiu claimed the BadBIOS malware was doing just that. But there has been no peer review of his theories and he tweeted in November that the “odd items I’ve seen in earlier dumps aren’t there”. “My apologies for wasting anyone’s time.”

Researchers have advised anyone concerned to adopt a security-in-depth strategy.

“There are always new ways to penetrate a system but this only reinforces the need to have multi-layered and integrated defenses in place,” Francois Paget, a McAfee Labs researcher, told TechWeekEurope.

“Intelligence needs to be built into the defenses in order to properly protect these types of attacks.  Having a bunch of point solutions can’t properly protect from this type of attack.”

Are you a security expert? Try our quiz!