Air-Gap Jumping Communication. Networkless hacking. Sci-fi movie themes are now turning into reality. German researchers Michael Hanspach and Michael Goetz have created what can potentially become the driving force behind the next-gen malware. Security experts be warned – offline computing is not going to be safe for long.
Inaudible sound signals can now carry stolen data, without requiring internet access. Any compromised laptop can be used as a communication hub that receives and transmits information. This is achieved by using the machine’s audio hardware, even when the computer is offline.
Security researcher Dragos Ruiu claimed earlier this year that spyware dubbed badBIOS can link infected machines using sound wave signals alone. The IT community took this claim very sarcastically. But the latest German study has proved the doubters wrong and validated Ruiu’s claims.
The findings at the Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) were quite conclusive. Two regular Lenovo business laptops were infected and used during the study. Signals in the low ultrasonic frequency range of around 20,000 Hz were conveyed to a distance of almost 20 meters at a rate of 20bps.
“We have shown the establishment of covert acoustical mesh networks in air is feasible in setups with commonly available business laptops,” the revolutionary study concluded.
Hanspach and Goetz have created a huge buzz with this groundbreaking discovery. The hacking community will surely be eager to implement this new technology for digging deeper into organizations and businesses. Not far is the day when an intruder can compromise your computer and follow every keystroke you register even when you are offline.
It is still left to be seen how hackers and cyber-criminals will manage to infect computing systems with the necessary virus. But it’s safe to say that virtually every computer with a speaker and microphone can be compromised and exploited using this dangerous technology. No system, connected or offline, is safe in today’s malicious environment.