Division Zero (Div0). Copyright © 2011-2018

All rights reserved.

Proof-of-Concept Malware Creates Covert Channel over Inaudible Sound Signals

3 Dec 2013

Covert channel are used to transfer information between processes that aren't allowed to communicate as define by computer security policy. Information transmitted in such form are often not transmitted through legitimate transfer mechanism.

 

A recent published paper by Fraunhofer FKIE - On Covert Acoustical Mesh Networks in Air - demonstrated  a new way to transmit data through microphone and speaker on a normal laptop. Using inaudible sound signal and a mesh network of laptop, they are able to create covert acoustical mesh network which can  be communicated between air gap networks.

To create such a network for  communication, a few participants are needed:

  1. Infected victim: A machine that is infected with the malware and will leak information by broadcast inaudible signal through the in-built speaker

  2. Infected drone: A machine or a group of machines that is/are targeted and will serve as a router to route the information (via covert channel) to the destination

  3. Attacker

They did this by having the victim broadcasting sound signal that are not within the human hearing range.  Other laptop (pre-configured) nearby will then be able to capture the audio signal using the in-built microphone within them and help in routing the signal to the destination. Hence, this can bypass security mechanism in place to prevent information leakage.

 

This form of transmission can be limited as the transmission rate is only about 20 bit/s. However, it is still leak some information such as keystroke capture of the victim. One of the possible application described in the paper is acoustical multi-hop keylogger.

 

The paper suggested some countermeasure such that one can adopt

  1. Disable audio in and output

  2. implementing audio filter that block high frequency range

SourceScientist-developed malware covertly jumps air gaps using inaudible sound

Share on Facebook
Share on Twitter
Please reload

RECENT POST

September 5, 2017

Please reload

CATEGORIES
Please reload

TAGS
RSS
RSS Feed