
Researchers built a covert acoustical mesh network and used audio signals to transmit data between laptops

Experimental malware uses inaudible sound to defeat network air gaps


By Lucian Constantin, CSO Senior Writer, IDG News Service

In a development likely to concern those who believe that a system that’s not connected to a network is safe from surveillance, researchers have demonstrated that microphones and speakers built into laptops can be used to covertly transmit and receive data through inaudible audio signals.

Michael Hanspach and Michael Goetz, two researchers from the Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) in Germany, tested the feasibility of creating a covert acoustical mesh network between multiple laptops that’s used to exchange data using near ultrasonic frequencies. The two researchers presented their findings recently in a paper published in the Journal of Communications.

Their experiments showed that messages can be transmitted using audio signals in the low ultrasonic frequency range at around 20,000 Hz between two Lenovo T410 business laptops over a maximum distance of 19.7 meters and at a rate of 20 bit/s.

The Lenovo T410 laptops were placed in direct line of sight to each other and the volume levels were adjusted to make the transmission inaudible to observers. The transmission frequencies could be increased to over 20,000 Hz for increased stealthiness, but the transmission range would decrease, the researchers said.

The data was transmitted using two different acoustical modem software applications called Minimodem and Adaptive Communication System (ACS) modem, the latter delivering the best results. On the network layer, the researchers used an ad-hoc routing protocol called GUWMANET (Gossiping in Underwater Mobile Ad-hoc Networks) that was developed by FKIE for underwater communication.

The researchers built an acoustical mesh network of five laptops that relayed messages to each other using audio transmissions. Their aim was to show that an attacker can jump network air gaps to extract data from malware-infected computers that are isolated from the Internet and other untrusted networks.

Common sources of noise present in the environment, like human speech, are filtered out and do not affect the communication, Hanspach said Tuesday via email.

Every laptop needs to be in direct line of sight to at least one other laptop that acts as a node in the network, but according to the researcher, this is a very common setup in labs and open-plan offices.

Human movement around the laptops can have an adverse effect on connectivity, but if a transmission fails, it can just be sent out again, the researcher said.

The biggest limitation is the low transmission rate — 20 bit/s — which cannot be used to transfer large amounts of information in a reasonable period of time. However, it’s still enough to transmit small pieces of valuable information like log-in credentials and encryption keys stolen by malware running on the air-gapped computer and can also be used to relay commands back from the attacker.

The researchers created and tested what they call “a multi-hop acoustical keylogger” in their experimental setup. A keylogger running on an air-gapped computer was used to automatically send the captured keystrokes using audio signals to the covert mesh network and onto a node connected to the Internet. The node then used Sendmail to send an SMTP message with the sensitive information to a predefined e-mail address.

“This message could just contain the recorded keystrokes, but it is also conceivable to include the GUWMANET/GUWAL headers in order to tunnel the protocol over TCP/IP and to extend the covert acoustical mesh network to another covert network at any place in the world,” the researchers said in the paper.

The acoustic channel is not itself an infection vector: the malware that implements the acoustical transmission and keylogging must first be installed on the air-gapped computer using some other method, such as an infected USB stick or an insider with access.

The research shows that network air gaps might not be sufficient to protect data from being stolen by malware.

“It highly depends on the level of assurance you need to achieve,” Hanspach said. “If you have high valued data, you should think about implementing countermeasures.”

The researchers described a few methods to prevent audio transmissions in their paper. The most obvious one is to switch off the audio input and output devices on the air-gapped computers, but this might not be practical in cases where other important applications need access to those devices.

“For these cases it is possible to prevent inaudible communication of audio input and output devices by application of a software-defined lowpass filter,” the researchers said. “An audio filtering guard can be used to control any audio-based information flow in a component-based operating system.”

A more advanced approach would be to build a host-based audio intrusion detection system that can analyze audio input and output for modulated signals or hidden messages, the researchers said.

The software used for these experiments will not be publicly released, because the researchers don’t own the code. However, some of the utilized software components are available as open source, Hanspach said.

It might be possible for other groups to replicate the setup because the techniques used are publicly available, he said.

This research comes after security researcher Dragos Ruiu said last month he believed some of his computers were infected with BIOS malware capable of jumping air gaps possibly by using ultrasonic audio transmissions. The existence of that malware, dubbed badBIOS, has yet to be proven and some people from the security community have doubts about Ruiu’s claims.

Lucian Constantin is a senior writer at CSO, covering information security, privacy, and data protection.

Copyright © 2019 IDG Communications, Inc.
