Jump to content



Photo

Computers can be hacked with high-frequency sounds

germany fraunhofer institute covert acoustical networking malicious software steal data mesh network

  • Please log in to reply
8 replies to this topic

#1 Hum

Hum

    totally wAcKed

  • 62,516 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 13 December 2013 - 04:33

Using the microphones and speakers that come standard in many of today's laptop computers and mobile devices, hackers can secretly transmit and receive data using high-frequency audio signals that are mostly inaudible to human ears, a new study shows.

Michael Hanspach and Michael Goetz, researchers at Germany's Fraunhofer Institute for Communication, Information Processing, and Ergonomics, recently performed a proof-of-concept experiment that showed that "covert acoustical networking," a technique which had been hypothesized but considered improbable by most experts, is indeed possible.

Their findings, detailed in a recent issue of the Journal of Communications, could have major implications for electronic security.

"If you have a high demand for information security and assurance, you would need to prepare countermeasures," Hanspach wrote in an email to Inside Science.

In particular, it means "air-gapped" computers — that is, computers that are not connected to the Internet — are vulnerable to malicious software designed to steal or corrupt data.

"This is indeed a newsworthy development," said retired Navy Capt. Mark Hagerott, a cybersecurity professor at the U.S. Naval Academy in Annapolis, Md.

 

In their experiments, Hanspach and Goetz were able to transmit small packets of data between two air-gapped Lenovo business laptops separated by distances of up to about 65 feet (20 meters). Moreover, by chaining additional devices that picked up the audio signal and repeated it to other nearby devices, the researchers were able to create a "mesh network" that relayed the data across much greater distances. Importantly, the researchers were able to emit and record the ultrasonic and near-ultrasonic frequencies, which cannot be detected by humans, using the sound processor, speakers and microphone that came standard with the laptops.

 

While not practical for transmitting video or other large files, this low transmission rate is still sufficient for sending and receiving keystrokes and other sensitive data such as private encryption keys or login credentials.

full story




#2 Aheer.R.S.

Aheer.R.S.

    I cannot Teach Him, the Boy has no Patience!

  • 11,529 posts
  • Joined: 15-October 10

Posted 13 December 2013 - 04:34

Or disable the on board mic?



#3 vcfan

vcfan

    Doing the Humpty Dance

  • 4,860 posts
  • Joined: 12-June 11

Posted 13 December 2013 - 04:45

at 20 bits per second, you would die of old age before you could download a document.

just grab the damn thing and run.

#4 +Phouchg

Phouchg

    Resident Misanthrope

  • 5,689 posts
  • Joined: 28-March 11
  • Location: Neowin Detainment Camp

Posted 13 December 2013 - 07:33

Pick a fine needle and kill a diaphragm of your laptop speakers. They're complete shyte anyway and you're just annoying other people whenever they make a sound.



#5 Torolol

Torolol

  • 2,903 posts
  • Joined: 24-November 12

Posted 13 December 2013 - 07:54

use the HEARTEST.EXE program to find out if your computer speakers can emit ultrasonic sounds



#6 primexx

primexx

    Neowinian Senior

  • 12,737 posts
  • Joined: 24-April 05

Posted 14 December 2013 - 01:48

needs software already on the target first right



#7 Aheer.R.S.

Aheer.R.S.

    I cannot Teach Him, the Boy has no Patience!

  • 11,529 posts
  • Joined: 15-October 10

Posted 14 December 2013 - 01:51

needs software already on the target first right

I believe so, (like the story here a couple of years ago about cars being vulnerable to theft due to someone hooking up a diagnostic device to it), it's more of a non issue than one would be led to believe



#8 +theblazingangel

theblazingangel

    Software Engineer

  • 3,395 posts
  • Joined: 25-March 04
  • Location: England, UK

Posted 14 December 2013 - 01:58

needs software already on the target first right


Precisely, the title on this thread is not just misleading, it's factually wrong. What is described is a method by which malware can communicate from one machine to another, forming it's own network, which is particularly notable in respect to an attacker retrieving data from, or gaining access to an air-gapped computer, i.e. a computer setup with no (traditional) form of network connection. A computer must be infected with the malware first though! This is not some magical means through which a computer can be hacked into without the malware being already present, as can be inferred from the title.

#9 Nogib

Nogib

    Neowinian

  • 579 posts
  • Joined: 01-June 03

Posted 14 December 2013 - 02:21

Sonic screwdriver being able to hack computers: confirmed! :D