Malware can now be transmitted by...the air we breath

[Urzu 7]

Don't believe me? Read on...

Quote:

The gold standard for protecting computer systems—as everyone from the U.S. military to Osama Bin Laden’s ghost well knows—is disconnecting them from the Internet. Called an “air gap,” because prior to wireless networking it literally meant making sure there was no cable physically connecting a computer to the public Internet, this is one of the most drastic, inconvenient, and difficult-to-maintain computer security measures out there. It’s usually reserved for systems that require the very highest levels of security, because it leaves you with a computer system that may be limited in what it can do, but at least it’s absolutely safe. But according to a recent paper by researchers at the Fraunhofer Institute for Communication, Information Processing, and Ergonomics, that gap can be bridged by high-frequency audio signals.

The researchers, Michael Hanspach and Michael Goetz, were able to transmit data between air-gapped laptops up to 19.7 meters (more than 60 feet) apart at a rate of approximately 20 bits per second by using acoustic methods originally developed for underwater communications. In other words, the computers communicated via their built-in speakers and microphones by transmitting inaudible acoustic waves. The paper announcing this prototype comes just weeks after security consultant Dragos Ruiu hypothesized that the “badBIOS” malware he was studying was able to penetrate air-gapped machines in the same manner. Even without Hanspach and Goetz’s confirmation of its feasibility, Ruiu’s claim was enough to unsettle some. At the Defense One conference last month, United States Naval Academy cyber security professor and retired Navy captain Mark Hagerott said the discovery of air-gap jumping technology would “disrupt the world balance of power.”

http://www.slate.com/blogs/future_te...p_air_gap.html

Cyber terrorism just gets worse and worse. Think about it, a possible scenario one day could be that someone writes airborne malware that could work on a video game system you are playing, transmitting malware to your PC while it is on and you download some anime torrents. That is just a guess, but surely we'll see malware being transmitted to desktops and laptops via the air some day not too long from now. Imagine this problem at computer labs at colleges and offices at work places. One computer could get the malware, and then spread to other computers, and then the malware could be engineered to go onto USB thumb drives, so people could then spread the malware more when backing up work and then using the USB thumb drives on home computers or any other computer.

Technology does so much good for us but boy can it ever be used against us, and as it gets better, the more it can be a double edged sword.

[kuroishinigami]

Uh, assume you're using normal speaker/wave transmitter, how far can such unaudible sound wave travel before getting corrupted by interference from the millions other such wave already in the air currently? Even in test scenario, the said data can only be transmitted for 20 meter, so I don't think we, as normal user should worry about this one yet. It might infect your family's laptop, but I don't think it can lead to that big of an outbreak before the malware can be completely isolated and removed.

[Kotohono]

Solution: quit having a microphone on everything if you aren't you using it .

As with no sound detection system it does nothing.

[EscapeReality]

Can computers catch malware just by connecting to the internet, without visiting any sites and clicking any links?

How is a computer's microphone connected to its hard drive or other components? I can't quite comprehend the idea of sound waves jumbling up code.

Since this can only be spread in short ranges, I think it'll be confined pretty easily. Unless you have someone carrying a speaker and walking around...eh.

[Urzu 7]

Maybe the worst case scenario I mentioned in the OP is a stretch, but airborne malware would still be a big bummer. While they confirmed this in a lab experiment, those that engineer malware and viruses always take a new-found way to infect computers and tweak it and enhance it and make it more sophisticated. It is very possible that in a matter of years, families have headaches because laptops and desktops in homes get malware that one computer got from the internet because of this airborne means of infection.

Worse than that, on the matter of national security for any nation, now it is even easier for classified info to be compromised.

[Flower]

Quote:

Originally Posted by Konakaga

Solution: quit having a microphone on everything if you aren't you using it .

As with no sound detection system it does nothing.

We are trying to panic here ma'am! Please don't interfere with our frenzied nailbiting and "oh noes!"

In all seriousness though, my guess is that it will be some time before this becomes a real threat (if at all), and even if it does it is not like people will just sit around and do nothing. Just as malware on the internet is most effectively combatted by never connecting turning off microphones or other input devices is a fine solution from the initial descriptions and such.

In the meantime I think there are other more important things to be concerned about and which take priority, at least for me there are.....

[Kotohono]

Quote:

Originally Posted by EscapeReality

Can computers catch malware just by connecting to the internet, without visiting any sites and clicking any links?

Catch? unlikely but possible via other programs that access it, and More so it's possible to be target by being connected this is why firewalls are standard practice.

Quote:

Originally Posted by EscapeReality

How is a computer's microphone connected to its hard drive or other components? I can't quite comprehend the idea of sound waves jumbling up code.

it doesn't jumble something, it would transit code to do something to your computer.

Quote:

Originally Posted by Urzu 7

Worse than that, on the matter of national security for any nation, now it is even easier for classified info to be compromised.

On a national security level just getting ones with no sound detection should be fine, it isn't a default or necessary function.

[Fireminer]

Meh, this new has been posted for an entire month on one of our millitary news.

[Dhomochevsky]

For anyone having even a slight clue about how computers work, this is a total non story.

Unless you have these scientists' program running on a computer, it will not interpret audio as code.
Even if you did transmit 'information' like it says in the title, which apparently is a new concept (and since when has 'sound' not been information?), this information would still need to be run as code.
And why would a pc do that?

I propose this new way to hack government computers:
Go for a walk near the secure facility, wearing a t-shirt with 'format c:' written on it.
There will surely be security cameras about, which will film you and if they are running OCR on your t-shirt, that will transmit the harmful code into their system!
Now if they paste this code into a cmd shell, it will totally shut down all security!

[Renegade334]

^ Finally someone who understands this is just a wet firecracker.

Yep, unless you find a way to make sure the code is run through the CPU without being garbled/corrupted somewhere between the emitter and the microphone (provided the said component is on and listening, the driver knows how to appropriately filter the audio feed and there is already an executable within the OS to convert the audio feed into high- or low-level language code), the airborne malware will not do anything...I mean, it's audio gibberish. Why would the OS or the CPU suddenly decide to execute it as code?

I can understand if the audio feed involves code injection (in assembly language, for example), but once again it can't go live on its own; you need to somehow force the execution.