When security researcher Dragos Ruiu claimed malware dubbed "badBIOS" allowed infected machines to communicate using sound waves alone--no network connection needed--people said he was crazy. New research from Germany's Fraunhofer Institute for Communication, Information Processing, and Ergonomics suggests he's all too sane.
As outlined in the Journal of Communications (PDF) and first spotted by ArsTechnica, the proof-of-concept malware prototype from Michael Hanspach and Michael Goetz can transmit information between computers using high-frequency sound waves inaudible to the human ear. The duo successfully sent passwords and more between non-networked Lenovo T400 laptops via the notebooks' built-in microphones and speakers. Freaky-deaky!
The most successful method was based on software developed for underwater communications. The laptops could communicate a full 65 feet apart from each other, and the researchers say the range could be extended by chaining devices together in an audio "mesh" network, similar to the way Wi-Fi repeaters work.
While the research doesn't prove Ruiu's badBIOS claims, it does show that the so-called "air gap" defense--that is, leaving computers with critical information disconnected from any networks--could still be vulnerable to dedicated attackers, if attackers are first able to infect the PC with audio mesh-enabled malware.
Read More About This..
As outlined in the Journal of Communications (PDF) and first spotted by ArsTechnica, the proof-of-concept malware prototype from Michael Hanspach and Michael Goetz can transmit information between computers using high-frequency sound waves inaudible to the human ear. The duo successfully sent passwords and more between non-networked Lenovo T400 laptops via the notebooks' built-in microphones and speakers. Freaky-deaky!
The most successful method was based on software developed for underwater communications. The laptops could communicate a full 65 feet apart from each other, and the researchers say the range could be extended by chaining devices together in an audio "mesh" network, similar to the way Wi-Fi repeaters work.
While the research doesn't prove Ruiu's badBIOS claims, it does show that the so-called "air gap" defense--that is, leaving computers with critical information disconnected from any networks--could still be vulnerable to dedicated attackers, if attackers are first able to infect the PC with audio mesh-enabled malware.
Read More About This..
No comments:
Post a Comment