Science and Tech

Actions

Researchers Create 'Inaudible Sound Jumping' Malware

Computer science researchers prove computers are able to transmit malware via inaudible audio signals.
Posted at 3:26 PM, Dec 03, 2013

Unconnected computers are trading information in a secret frequency humans can't hear. It sounds far-fetched, but computer scientists in Germany have proven it's possible. 

Their work, published in the Journal of Communications, describes a new type of malware which can communicate inaudibly between computers up to 65 feet away. 

Exchanging data over audio signals is nothing too exciting in the tech world, but some aspects of the malware are worrisome, like its ability to use the stock microphones and speakers on common laptops. 

But what's most important — the data or malware can be shared when your computer is physically or technically separated from a network.  This is called an air gap. 

Until now, the scientists could only trade small amounts of data — like keystrokes and passwords — at a slow rate of 20 bits per second. But that data could still hop between a chain of unconnected computers. 

The finding could validate remarks from respected security specialist Dragos Ruiu, who has recently been accused of crying wolf.

He has been publicly discussing a strange-acting malware on his computer for three years, one that sounded unbelievable and maybe down-right fictitious. Back in November, This Week in Tech's Leo Laporte explained: 

"He thinks the malware has the ability to use high frequency transmissions passed between computers speakers and microphones to jump air gaps — air gaps mean your computer is not connected to the network, it's stand alone. He's had computers infected with brand new everything."

Ruiu dubbed the malware #badBIOS on Twitter, and tech nerds everywhere struggled to understand badBIOS' ability to survive purging and act on its own.

Many in the industry couldn't make sense of Ruiu's claim. As InfoSecurity says: "​It's either the God of Malware, an elaborate hoax, a publicity stunt – or Dragos Ruiu has gone mad."

The skepticism grew more and more for badBIOS. ​Now, however, the announcement from scientists at least legitimizes that Ruiu's badBIOS claim might actually be true.

TheCyberWire tweets about the scientist-developed malware: "It's not exactly #BadBIOS, but it sounds close." 

For now, whether the malware becomes your latest digital-security worry is still up in the air (gaps).