PoC Malware Creates Covert Channel Over Inaudible Sound Signals
A covert channel is used to transfer information between processes that aren't allowed to communicate as defined by the computer security policy. Information transmitted in such forms is often not transmitted through legitimate transfer mechanism.
A recently published paper by Fraunhofer FKIE — On Covert Acoustical Mesh Networks in Air — demonstrated a new way to transmit data through microphone and speaker on a normal laptop. Using inaudible sound signal and a mesh network of laptops, they are able to create a covert acoustical mesh network which can be communicated between air gap networks.
To create such a network for communication, a few participants are needed:
Infected victim: A machine that is infected with the malware and will leak information by broadcasting inaudible signals through the in-built speaker
Infected drone: A machine or a group of machines that is/are targeted and will serve as a router to route the information (via covert channel) to the destination
They did this by having the victim broadcast sound signals that are not within the human hearing range. Other laptops (pre-configured) nearby will then be able to capture the audio signal using the in-built microphone within them and help in routing the signal to the destination. Hence, this can bypass security mechanisms in place to prevent information leakage.
This form of transmission can be limited as the transmission rate is only about 20 bit/s. However, it can still leak some information such as keystroke capture of the victim. One of the possible application described in the paper is an acoustical multi-hop keylogger.
The paper suggested some countermeasures:
Disable audio in and output
implementing an audio filter that blocks high-frequency range
Shared by Tan Jun Hao.