Results 1 to 4 of 4

Thread: Malware found that communicates over ultrasound - over airgap

  1. #1
    Join Date
    Feb 2008
    Location
    Linuxland
    Posts
    4,752

    Default Malware found that communicates over ultrasound - over airgap

    http://arstechnica.com/security/2013...jumps-airgaps/

    They claim to have found malware that transmits its commands over ultrasound. They also claim it to be able to affect OpenBSD, Linux, Windows, and OS X. Quite an interesting read.

  2. #2
    Join Date
    Feb 2008
    Location
    Linuxland
    Posts
    4,752

    Default

    A POC has now been built in Germany, Fraunhofer. http://www.fudzilla.com/home/item/33...vel-on-the-air

    They could transmit keystrokes over 40m distances, which could be extended with mesh networking.

  3. #3
    Join Date
    Jan 2013
    Posts
    1,360

    Default

    The ultrasound transmission can not work unless the malware has already been installed in both computers. There's no standard protocols or even implementations for data transfer over ultrasound, so malware cannot simply infect a computer via ultrasound.

    The malware would first have to infect both computers via regular infection vectors, then the ultrasound could be used for... well, something I guess? If they can already infect both computers, it kind of evades me why they'd then want to have them chirping to each other like bats, instead of communicating over the network, but I guess people have stranger interests...

    I guess there could be some weird corner cases, where some computer that's offline can get infected first, and then a nearby online-connected computer could be used to access it, but this would still require physical access to the computer.

  4. #4
    Join Date
    Feb 2008
    Location
    Linuxland
    Posts
    4,752

    Default

    Yes, you can only communicate over sound, the initial infection has to come via traditional means.

    The primary target of this malware is offline computers, such as airgapped ones. Data is usually shuffled to them via USB sticks, which can quite conveniently do the initial infection.

    Once that is done, as long as there's another computer with net access nearby, you can control the airgapped computer.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •