“Your digital data can now be filched from your computer in a form of Audio Signals.” Does this appear to be a dialogue from a science fiction movie? Because I can vouch for it to become the reality anytime soon.
The Security researchers from Germany have developed a new sort of computer malware that can steal your passwords, login information or any other data from a PC and can transfer it in a form of an audio signal to the PC nearby; these audio signals are not even audible to humans as its frequency is outside the human hearing range.
The research had published in the Journal of Communications which was led by a team from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics.
Researchers Michael Hanspach and Michael Goetz managed to use the built-in speakers and microphones of computer to transmit passwords and other data at a rate of 20 bits per second over a distance of almost 20 meters, allowing the malware to privately ooze critical data to the outer world.
According to the Abstract part of their research paper,
“We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. “
In case you don’t know, a covert channel is a way to transfer information between processes that are not authorized to communicate.
Furthermore, the researchers wrote,
“If we want to exploit a rigorously hardened and tested type of computing system or networks of this type of computing system, we have to break new ground”.
Oftentimes, Speakers and microphones are disregarded in security planning, and by availing frequencies outside the human hearing range it is apparent that such data could escape detection even when they are transmitted across a crowded workplace.
The analysis used five Lenovo T400 laptops running Debian 7.1, and was performed in a standard computer lab with no particularly unusual audio characteristics. Transmissions were sent at around 20 kHz and were found to be totally inaudible to humans during the experiment. The paper suggests that this frequency could be even higher, to make it even less probable to be caught, but this would lessen the broadcast range.
During the experiment the researchers were able to covertly log the keystrokes made by a user at one computer and broadcast them over audio through a chain of other computers until the message was eventually passed to a machine connected to the internet, and sent back to a malicious attacker despite the fact that the transmission rate is too slow.
“Alongside keystroke information it would also be possible to forward other security critical data such as private encryption keys or small-sized text files with classified information from the infected victim to the covert network,” said researchers.
Now there is a good reason for you to disconnect your built-in mics and speakers. Although it is pretty impractical, it might be worth doing on a governmental level.
We already train dogs to sniff for bombs and drugs. Clearly, the time is not very far when we shall be training them to hear the Malwares too.
On a related noted, NSA would be considering to implement this new technique somewhere in the world. So watch out!