A POC malware can jump 20 meter (65 feet) air gaps at a time

Dec 3, 2013 09:43 GMT  ·  By

Michael Hanspach and Michael Goetz, researchers at Germany's Fraunhofer Institute for Communication, Information Processing, and Ergonomics have recently published a paper on covert communication channels that use audio signals to transmit data from one computer system to the other.

According to Ars Technica, the experts have developed a prototype malware that’s capable of transmitting small amounts of information, such as keystrokes, via inaudible audio signals.

The proof-of-concept made by the researchers is capable of jumping 19.7 meter (64.6 feet) air gaps by using speakers and microphones connected to computers. While this might not seem much, such a covert acoustical mesh network can be designed to enable the transmission of data over multiple hosts of infected nodes.

This particular type of malware can be highly dangerous for organizations that keep certain critical systems isolated from the network in order to keep the data stored on them secure.

The POC developed by experts can only transfer data at a rate of 20 bits per second, which is not much. However, it could be more than enough to transmit certain types of data, such as login credentials.

The researchers have also detailed the steps that can be taken to protect computers against such threats. The measures include disabling audio systems, using low-pass filtering, and intrusion detection systems that monitor audio input and output for irregularities.

The malware reminds us of badBIOS, the mysterious piece of malware whose alleged existence was brought to light by security researcher Dragos Ruiu. badBIOS is said to be capable of jumping air gaps to spread.

Of course, this doesn’t necessarily prove the existence of badBIOS. However, it does demonstrate that certain characteristics of the malware described by Ruiu are not science fiction.

The complete paper “On Covert Acoustical Mesh Networks in Air” is available in the Journal of Communications.