“Your digital data can now be filched from your computer in a form of Audio Signals.” Does this appear to be a dialogue from a science fiction movie? Because I can vouch for it to become the reality anytime soon.
The Security researchers from Germany have developed a new sort of computer malware that can steal your passwords, login information or any other data from a PC and can transfer it in a form of an audio signal to the PC nearby; these audio signals are not even audible to humans as its frequency is outside the human hearing range.
The research had published in the Journal of Communications which was led by a team from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics.
Researchers Michael Hanspach and Michael Goetz managed to use the built-in speakers and microphones of computer to transmit passwords and other data at a rate of 20 bits per second over a distance of almost 20 meters, allowing the malware to privately ooze critical data to the outer world.
According to the Abstract part of their research paper,
“We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. “
In case you don’t know, a covert channel is a way to transfer information between processes that are not authorized to communicate.
Furthermore, the researchers wrote,
“If we want to exploit a rigorously hardened and tested type of computing system or networks of this type of computing system, we have to break new ground”.
Oftentimes, Speakers and microphones are disregarded in security planning, and by availing frequencies outside the human hearing range it is apparent that such data could escape detection even when they are transmitted across a crowded workplace.
The analysis used five Lenovo T400 laptops running Debian 7.1, and was performed in a standard computer lab with no particularly unusual audio characteristics. Transmissions were sent at around 20 kHz and were found to be totally inaudible to humans during the experiment. The paper suggests that this frequency could be even higher, to make it even less probable to be caught, but this would lessen the broadcast range.
During the experiment the researchers were able to covertly log the keystrokes made by a user at one computer and broadcast them over audio through a chain of other computers until the message was eventually passed to a machine connected to the internet, and sent back to a malicious attacker despite the fact that the transmission rate is too slow.
“Alongside keystroke information it would also be possible to forward other security critical data such as private encryption keys or small-sized text files with classified information from the infected victim to the covert network,” said researchers.
Now there is a good reason for you to disconnect your built-in mics and speakers. Although it is pretty impractical, it might be worth doing on a governmental level.
We already train dogs to sniff for bombs and drugs. Clearly, the time is not very far when we shall be training them to hear the Malwares too.
On a related noted, NSA would be considering to implement this new technique somewhere in the world. So watch out!
We don’t need to disconnect our Speakers i think. Because the malware has to be executed first on victim pc then it will start its function.
Correct me if wrong. Thanks.
Actually you are wrong.The Malware doesn’t need to be executed on the victim pc as far as I know. One thing to be noted here is the victim pc doesn’t need to be connected to the internet or any network.
MMM Can you provide me some books related to hacking, i hv read all books including CEHv7, I want to know the system in more detail…. Hope for your reply.
If you’d have properly read that CEHv7 guide , you wouldn’t have asked this question here at first place.
That’s simply wrong. If the malware is not executed on the victim pc, then the pc will not transmit passwords and other things via speaker.
Obviously some software has to RUN to cause it to transmit.
I don’t understand why people think so Stupidly, Now Look at this guy MMMTheHacker He Actually Loves to have some kind of software that can execute malware through sound waves.
OMG he Loves to hack someone this way LOL.
whats your point ?
Anyone would want to do that since it quite interesting, anyhow, this is not as easy as it sounds. Not every Script kiddie could do what Germans have done, this kind of malware development and execution requires strong command over basic Audio Processing Algorithms ,
this is in fact a kind of encouragement, If anyone able to do what germans have done , then this would be nothing less than a dream come true.
Don’t know what you are thinking, I was really amazed to hear that something happend like that (About German Programmers)
But i am not talking about German Programmers i am talking about this guy “MMMTheHacker”.Who has strange believe that, “someone can get in your PC using Sound Wave and execute a Malware.”
Seem pretty Strange to me.
Haha disconnecting speakers should be least of worries if you’re connected to the internet. Boring article. We can transmit data through sound? WHO KNEW!!
A Service needs to be running on Victim PC
http://www.networkworld.com/news/2013/120513-two-arrested-in-germany-for-276605.html
totally irrelevant..
People start using your headphones :P
actually it would not be suitable for script kiddies and people doing such things for fun only.. but instead it is a serious tool for security related issues where agencies tries to get into the computers of important persons etc…. it would be taken seriously because a small flaw in security might cause big damages…. such things would be anticipated for the security of confidential computers/ data…