There is an accepted wisdom when it comes to avoiding malware infection. Don’t install software from websites you don’t trust. Keep your operating system and every installed application patched and up to date. Don’t open suspicious-looking attachments, no matter who sends them to you. Run a current anti-virus product. That sort of thing.
As Internet access, email and wireless technologies have progressively become more widespread, we have had to adjust to keep ourselves secure from malicious software and from hackers. With each new threat that emerges, our accepted wisdom updates.
With this in mind, you may be wondering what the next logical step is in the distribution of malicious software and in compromising computers. What if I told you that it was possible to remotely compromise a computer which was not connected to any network? And, just for good measure, what if I told you that the malware was passed using the unlikely medium of computer speakers and microphones?
You may think me quite mad, but it’s actually more likely than you think. Here’s why.
Dragos Ruiu is a computer security analyst and hacker based in Canada. In his professional life, he has worked for a number of giants of IT, including Hewlett Packard and Sourcefire, which was recently sold to American networking giant Cisco. He is the organizer of the CanSecWest conference in Vancouver, BC, and the man behind its well-known Pwn2Own hacking competition, where security-minded individuals hunt for severe vulnerabilities in popular web browsers, mobile operating systems and desktop operating systems. It goes without saying that this is a man with a pedigree for excellence in computer security.
Three years ago, he noticed something troubling. His Macbook Air (running a freshly installed copy of OS X) spontaneously updated its firmware. Even more troubling, when he tried to boot from a DVD-ROM, his machine refused. He started to notice that data and configuration files were being deleted and updated without his instruction.
Over the next few months, Dragos noticed a number of other events that could only be described as inexplicable. A machine running the security-focused OpenBSD system had spontaneously started modifying its settings, again without Dragos’s instruction or instigation. He started noticing traffic being transmitted from computers that had their networking and Bluetooth cards removed, which should otherwise have been impossible.
Over the next three years, these infections continued to plague Dragos’s laboratory, despite his best efforts. Even after wiping a computer clean, removing its networking hardware and installing a new operating system, it would return to its previous suspicious behavior.
Michael Hanspach and Michael Goetz are two researchers at Fraunhofer FKIE, an institute of the Fraunhofer Society for the advancement of applied research, Germany’s largest applied-research organization. In the November 2013 edition of the Journal of Communications, they published an academic paper called ‘On Covert Acoustical Mesh Networks in Air’.
This paper discusses some of the techniques behind what Dragos Ruiu may have discovered, including how data (and therefore malware commands or stolen secrets) can cross an ‘air gap’. The conventional assumption is that a computer with no network connection cannot leak data to, or receive instructions from, an attacker. Their research challenges that assumption by reproducing in the laboratory the kind of behavior Ruiu believes he saw in his.
Using off-the-shelf laptops and acoustic communication in the near-ultrasonic range, which is inaudible to most people, they were able to bridge a number of computers into an ad-hoc mesh network which can pass data over a number of hops. They also demonstrated a keylogger on top of this network: keystrokes captured on one machine were relayed to an attacker many rooms away, each keystroke hopping from laptop to laptop through the built-in speakers and microphones found on most modern laptop computers.
Hanspach and Goetz’s network borrows its protocols from underwater acoustic networking, including something called ‘Generic Underwater Application Language’ or GUWAL, which is “an operational application language for tactical messaging in underwater networks with low bandwidth.” The channel is slow: roughly 20 bits per second. Latency is also nowhere near what you would expect from a traditional copper or fiber optic network connection, with each hop along the network taking around six seconds to complete, because every relay has to hear a whole frame before it can re-send it.
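To make the mechanism concrete, here is an added toy simulation of such a channel. It is not code from the Hanspach and Goetz paper, and the carrier frequencies, sample rate, noise level, hop count and the sample keystrokes are all assumptions chosen for illustration: bits are sent as 50 ms bursts of one of two near-ultrasonic tones (binary FSK), each relay demodulates the frame with a Goertzel detector and re-transmits it, and the airtime adds up hop by hop.

```python
"""Toy acoustic covert channel: near-ultrasonic binary FSK, relayed hop by hop.

Added example, not code from the Hanspach/Goetz paper. Every parameter below
(carriers, sample rate, noise model, hop count) is an assumption chosen to
illustrate the idea, not a value taken from the paper.
"""
import math
import random

SAMPLE_RATE = 48_000                       # Hz, a common sound-card rate (assumed)
BIT_RATE = 20                              # bit/s, the order of magnitude the paper reports
SAMPLES_PER_BIT = SAMPLE_RATE // BIT_RATE  # 2400 samples = 50 ms per bit
FREQ_0 = 18_500.0                          # Hz, tone for a 0 bit (assumed, near-ultrasonic)
FREQ_1 = 19_500.0                          # Hz, tone for a 1 bit (assumed)


def bytes_to_bits(data):
    """MSB-first bit list for a byte string."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits):
    """Inverse of bytes_to_bits; trailing partial bytes are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        out.append(int("".join(str(b) for b in bits[i:i + 8]), 2))
    return bytes(out)


def modulate(data):
    """Binary FSK: each bit becomes 50 ms of one of two near-ultrasonic tones."""
    samples = []
    for bit in bytes_to_bits(data):
        freq = FREQ_1 if bit else FREQ_0
        for n in range(SAMPLES_PER_BIT):
            samples.append(math.sin(2 * math.pi * freq * n / SAMPLE_RATE))
    return samples


def goertzel_power(samples, start, length, freq):
    """Energy at one frequency bin over samples[start:start+length] (Goertzel)."""
    k = round(length * freq / SAMPLE_RATE)   # both carriers fall on exact bins
    coeff = 2 * math.cos(2 * math.pi * k / length)
    s_prev = s_prev2 = 0.0
    for i in range(start, start + length):
        s = samples[i] + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def demodulate(samples):
    """Non-coherent FSK detection: pick the carrier with more energy in each bit slot."""
    nbits = len(samples) // SAMPLES_PER_BIT
    bits = []
    for i in range(nbits):
        start = i * SAMPLES_PER_BIT
        p0 = goertzel_power(samples, start, SAMPLES_PER_BIT, FREQ_0)
        p1 = goertzel_power(samples, start, SAMPLES_PER_BIT, FREQ_1)
        bits.append(1 if p1 > p0 else 0)
    return bits_to_bytes(bits)


def air_channel(samples, gain=0.2, noise_std=0.5, rng=None):
    """Crude room model: attenuation plus white noise (assumed levels, constructed)."""
    rng = rng or random.Random(0)
    return [gain * s + rng.gauss(0.0, noise_std) for s in samples]


def relay_chain(payload, hops, rng=None):
    """Store-and-forward across `hops` laptops; returns (received bytes, airtime seconds).

    Each relay must hear the whole frame before it can re-send it, so latency grows
    linearly with the hop count and with the frame length at 20 bit/s.
    """
    rng = rng or random.Random(1)
    frame = payload
    airtime = 0.0
    for _ in range(hops):
        airtime += len(frame) * 8 / BIT_RATE        # time this hop spends on the air
        heard = air_channel(modulate(frame), rng=rng)
        frame = demodulate(heard)
    return frame, airtime


if __name__ == "__main__":
    KEYSTROKES = b"hunter2"   # constructed sample keystrokes, not real captured data
    received, seconds = relay_chain(KEYSTROKES, hops=3)
    print(received, f"{seconds:.1f} s of airtime over 3 hops")
```

Even with the signal attenuated below the noise floor per sample, the 50 ms integration window makes each bit easy to recover, which is why such a channel can be both inaudible and reliable; the price is that seven keystrokes take nearly three seconds of airtime per hop. A defender with a spectrum analyzer, or just a recording of the room, would see narrow energy spikes around 18–20 kHz that ordinary audio does not produce.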
The Real World
It’s crucial to stress that the claims of Ruiu have not been independently substantiated and that the research of Hanspach and Goetz is just that – research. They have created a (massively impressive) proof of concept and their research paper is a fascinating read. However, there is no known malware currently circulating which resembles it.
This means there is no reason for the average user to start plugging up microphone holes and disconnecting speakers. For a machine that is genuinely air-gapped because it protects something valuable, though, the research does carry a practical lesson: speakers and microphones are just another unneeded interface, and disabling or removing them costs about as much as pulling the Wi-Fi and Bluetooth cards that such systems already do without. With that said, what the security landscape of the future holds is anyone’s guess.
I’d like to thank Robert Wallace for his invaluable help in researching this article. I would also like to hear your thoughts. What do you think about malware being spread over microphones and speakers in the future? Let me know in the comments below.