If you think that not being connected to a network will keep you safe from surveillance, think again. Two German researchers recently developed a malware that can covertly transmit data between laptops using inaudible sound.
Researchers, Michael Goetz and Michael Hanspach from the Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) built an acoustical mesh network between multiple laptops in order to demonstrate that microphones and speakers built into the machines can be used to covertly transmit and receive data using near ultrasonic frequencies.
Goetz and Hanspach also developed what they called a “multi-hop acoustical keylogger.” The keylogger send out captured keystrokes using audio signals to the cover mesh network onto a node connected to the Internet.
The duo used two Lenovo T410 laptops placed directly in line of sight of each other. Volume levels on the devices were adjusted to make the transmission inaudible to people.
Their experiment showed that messages can be transmitted between the computers using audio signals in the ultrasonic frequency range of around 20,000 Hz between the laptops over a maximum distance of 19.7 metres and at a rate of 20bits/s.
Goetz and Hanspach also built an acoustical mesh network of five laptops that relayed messages to each other using the same method.
This showed that an attacker can jump network air gaps to extract data from computers infected with malware that are isolated from the Internet and other untrusted networks.
Hanspach said common noises such as human speech are filtered out of the communication system. The biggest limitation, he said, is that the transmission rate of 20bits/s cannot be used to move large amounts of information in a reasonable time period.