Malware attacks are now just a sound away
If
you think that a computer which is not connected to a network, doesn't have any
USB sticks attached to it and doesn’t accept any kind of electronic connection
requests are reasonably safe against hackers and from all the malware, then you
are Wrong.
Here
we have something shocking update that Some German Scientists have developed a
proof of concept Malware
prototype, could allow a hacker to infect your computers and other digital
devices just using Inaudible Audio signals.
The
ability to bridge an air gap could be a potent infection vector. Just imagine,
a cyber attack
using high-frequency sound waves to infect machines, where stolen data also can
be transferred back to attacker without a network connection, Sounds very
terrifying ?
When
a few weeks ago, a security researcher Dragos Ruiu claimed malware
dubbed badBIOS allowed
infected machines to communicate using sound waves alone, means that the
devices are physically disconnected from any networks, including the internet,
people said he was crazy.
But
Now German Researchers have published a
paper on how malware can be designed to cross the air gap by
transmitting information through speakers and recording it via microphone.
Rather
than relying on TCP-IP, they used a network stack originally developed for
underwater communication and the signal was propagated through the use of a
software-defined modem based on the GNU Radio project.
In
a scenario based hacking, “The infected victim sends all recorded
keystrokes to the covert acoustical mesh network. Infected drones forward the
keystroke information inside the covert network till the attacker is reached,
who is now able to read the current keyboard input of the infected victim from
a distant place.” paper explained.
In
another scenario, the researchers used sound waves to send keystroke
information to a network-connected computer, which then sent the
information to the attacker via email.
While
the research doesn’t prove Dragos Ruiu’s badBIOS claims, but it does show that
even if the system is disconnected from any network, could still be vulnerable
to attackers. However, I would like to appreciate Dragos dedication
about badBIOS research because this extraordinary concept was first
introduced by him only.
Researchers
POC Malware is able to transfer data at 20 bits per second only, which is very
low, but that's still capable of transferring your password or credit card
number to the hacker in a few seconds.
Some
basic countermeasures one can adopt to protect against such malware are:
·
Switching off the audio
input and output devices from the system.
·
Employ audio filtering
that blocks high-frequency ranges.
·
Using an Audio Intrusion
Detection Guard.
Source:http://thehackernews.com/2013/12/Malware-Inaudible-Audio-signals-badbios-virus.html
No comments
Post a Comment