Malware Which Transmits Through Sound Waves!

How is that Possible?

The standard phenomena used for protecting computer systems especially in military, from external Internet or local system which is highly used to protect confidential data, better known as “air gap” has been leaped by a recently discovered malware.

High-security computer networks where the sensitive data is kept so as to keep it safe and is protected using “air gap”, this air gap resembles that computers are kept disconnected from other local systems and any type of networks or Internet. But the malware is capable to bridge the “air gap” and thus using high-frequency audio signals it can transmit the data.

According to a recent paper published in “Journal of Communications” by researchers at the Fraunhofer Institute for Communication, Information Processing, and Ergonomics, a species of malware has been developed which has capability to transmit data from hacked computers using an audio signal of frequency, inaudible to humans.

It has also been discovered that this allows the malware to transmit keystrokes and other sensitive data such as; private encryption keys or maybe malicious commands even when infected machines are not having any network connection.”

High-Frequency Audio Signals Used to Transmit Data!

The researchers, Michael Hanspach and Michael Goetz, were successfully able to transmit data between air-gapped laptops up to 19.7 meters (more than 60 feet) apart at a rate of approximately 20 bits per second by using acoustic methods originally developed for underwater communication. The researchers were able to transmit a very small amount of sensitive data including passwords, across such a vast distance with a mere usage of built-in speakers and microphone of standard computers.

The team has also predicted that if a network of controlled devices will be used it will surely enhance and increase the distance radically in order to relay data. It has been concluded that the method of protecting the systems through “air gap” is way too old and can be considered obsolete. New techniques and measures have to be implemented.

Fortunately for the governments and large institutions that use these measures, the target computer still has to be infected with malware via more traditional means before it can transmit data.

Trends in social engineering and phishing attacks show that the human users of computer systems are often crucial attack vectors, while research it has been also shown that the power used by computers and also sound they make can be used to target encrypted information. Medium can be different but ultimately it affects the system and the confidential information can be transmitted illegally.

There are possible defenses against acoustic malware high-frequency audio filtering and audio intrusion detection systems, but these solutions are more complicated to implement and may be less effective. This might be only relevant to the systems used for high security but technology always affects human life good or bad, but it does affect a lot!