Computers can be hacked with high-frequency sounds

[Hum]

Using the microphones and speakers that come standard in many of today's laptop computers and mobile devices, hackers can secretly transmit and receive data using high-frequency audio signals that are mostly inaudible to human ears, a new study shows.

Michael Hanspach and Michael Goetz, researchers at Germany's Fraunhofer Institute for Communication, Information Processing, and Ergonomics, recently performed a proof-of-concept experiment that showed that "covert acoustical networking," a technique which had been hypothesized but considered improbable by most experts, is indeed possible.

Their findings, detailed in a recent issue of the Journal of Communications, could have major implications for electronic security.

"If you have a high demand for information security and assurance, you would need to prepare countermeasures," Hanspach wrote in an email to Inside Science.

In particular, it means "air-gapped" computers ? that is, computers that are not connected to the Internet ? are vulnerable to malicious software designed to steal or corrupt data.

"This is indeed a newsworthy development," said retired Navy Capt. Mark Hagerott, a cybersecurity professor at the U.S. Naval Academy in Annapolis, Md.

 

In their experiments, Hanspach and Goetz were able to transmit small packets of data between two air-gapped Lenovo business laptops separated by distances of up to about 65 feet (20 meters). Moreover, by chaining additional devices that picked up the audio signal and repeated it to other nearby devices, the researchers were able to create a "mesh network" that relayed the data across much greater distances. Importantly, the researchers were able to emit and record the ultrasonic and near-ultrasonic frequencies, which cannot be detected by humans, using the sound processor, speakers and microphone that came standard with the laptops.

 

While not practical for transmitting video or other large files, this low transmission rate is still sufficient for sending and receiving keystrokes and other sensitive data such as private encryption keys or login credentials.

full story

[The Evil Overlord]

Or disable the on board mic?

[vcfan]

at 20 bits per second, you would die of old age before you could download a document.

just grab the damn thing and run.

[Phouchg]

Pick a fine needle and kill a diaphragm of your laptop speakers. They're complete shyte anyway and you're just annoying other people whenever they make a sound.

[Torolol]

use the HEARTEST.EXE program to find out if your computer speakers can emit ultrasonic sounds

[primexx]

needs software already on the target first right

[The Evil Overlord]

needs software already on the target first right

I believe so, (like the story here a couple of years ago about cars being vulnerable to theft due to someone hooking up a diagnostic device to it), it's more of a non issue than one would be led to believe

[+theblazingangel MVC]

needs software already on the target first right

Precisely, the title on this thread is not just misleading, it's factually wrong. What is described is a method by which malware can communicate from one machine to another, forming it's own network, which is particularly notable in respect to an attacker retrieving data from, or gaining access to an air-gapped computer, i.e. a computer setup with no (traditional) form of network connection. A computer must be infected with the malware first though! This is not some magical means through which a computer can be hacked into without the malware being already present, as can be inferred from the title.

[Nogib]

Sonic screwdriver being able to hack computers: confirmed! :D