New malware infects computers via sound. Really.


Just when you thought your computer would be safe if you kept it offline, scientists go and prove you wrong. Scientists at the Fraunhofer Institute for Communication have developed malware that can be transmitted not through a regular network, but instead through soundwaves. So far, the scientists have developed a proof-of-concept for such malware but should malware like this get out… well, you may feel like you are living in the movies.

According to the study published in Journal of Communication, the malware can be transmitted from one computer to another computer within 65 feet just by playing it through the first computer’s speakers. Like a cold can be transmitted through the air when someone coughs or sneezes, your computer can just as easily be infected by sound. The scientists have also developed a proof-of-concept that, with the construction of audio mesh, a computer can be infected even if it is outside the 65-foot perimeter.

According to Michael Hanspach, one of the authors of the study,

“The complete concept of air gaps can be considered obsolete as commonly available laptops can communicate over their internal speakers and microphones and even form a covert acoustical mesh network. Over this covert network, information can travel over multiple hops of infected nodes, connecting completely isolated computing systems and networks to each other.”

The concept is not entirely new. Some of the same techniques that these hacker-scientists use to infect a computer with an “airborne pathogen” have been used in the past to help communicate under water. However, those communications, obviously, weren’t to transmit malware. This is.

So far, researchers say that the transmission speeds are slow running at only around 20 bits per second. But that, my friends, is 20 bits per second too much sci-fi for me.

[via Ars Technica, via Journal of Communication]

Related Posts

  • Bub

    [@New Moon]
    The reason to do so is if the data you want to steal is on the disconnected computer. This isn’t really a concern for the likes of you and me, but I imagine that there are secure facilities in which some of the computers with particularly sensitive information are protected by “air gaps”.

  • New Moon

    In addition to the plugged in microphone, the PC must also be running a program that can decode and execute those above audible pulses. In other words, you have to infect the PC first with a malware that actively listens the microphone. It is possible to do this, but as you see, why bother to hack a system in a two’s complement way while you can do it in one go.

  • [@Bub] Thank you for clearing this up. I couldn’t figure out how that would work unless the receiving computer had an active microphone anyway.

  • Bub

    This article is misrepresenting the original paper.

    The authors did not claim to distribute malware or infect other computers via sound. What they did do was demonstrate that already infected computers can use sound to leak information.

    This is significant because it can circumvent the protections provided by installing a personal firewall or by unplugging a machine from the network. Normally, you would figure that even if your computer was infected, no keylogger would be able to transmit your passwords.

    What this proof-of-concept shows is that if some attacker somehow managed to infect your disconnected laptop that has a speaker and your nearby connected desktop that has a microphone, the two machines could work in tandem to transmit keystrokes from your laptop to the attacker. Also significant is that they used inaudible frequencies, so the data transmission can take place without your knowledge.

    The process of infecting those computers in the first place would fall to traditional methods. There is no known microphone-based vulnerability by which malware can infect your machine.

  • Tom

    It’s true. I experience a tremendous desire to throw up anytime Katy Perry is played on the radio.