Your Computer Could Be Hacked Using Only Sound
Posted: December 4th, 2013, 12:34 am
Is your computer audio-enabled? That might be enough to get it hacked, according to recent findings from German researchers with the Fraunhofer Institute for Communication, Information Processing, and Ergonomics. As revealed in a paper for the Journal of Communications, the researchers successfully hacked computers using nothing but sound.
Before you start worrying about your own machine, take a second to pity anyone you know in the computer security industry. The most secure computers in the world are completely isolated from other machines -- protected by "air gaps," with no Internet connection, no shared phone lines, nothing. Conventional wisdom goes that such computers are impossible to hack unless the hacker has direct, physical access to the machine. Or at least that was the conventional wisdom prior to the German discovery.
The Fraunhofer researchers started researching audio hacks after considering how malicious hackers might break into these highly secure systems and computers. In their paper's introduction, they note that hackers of the past often used "parts of the operating system that were not considered for communication" to insert malicious data into otherwise highly secure systems.
The researchers adopted the mindset of a hacker when designing a sound-only hack for stealing data from deliberately isolated computers. Audible noises could in theory be used to pass data between such computers and the "hacker" computer, but the researchers, wishing to remain as inconspicuous as hackers, instead chose to use sounds at a frequency inaudible to human ears (similar to the noise made by dog whistles).
Building upon preexisting technology used to transmit data under water by sound waves, the researchers were able to use the microphone and speakers in an unmodified Lenovo T400 personal computer to transmit small amounts of information -- keystrokes in the test case, though the hack could also transmit encryption keys, small text files and even passwords -- from an isolated computer to a compromised one. The researchers also tested the range of audio hack, and found that on unmodified computers, the method worked for distances up to 65 feet -- a range which can be expanded almost indefinitely with use of special "mesh networks," which can wirelessly transmit audio long distances.
The conclusion? According to the study, "acoustical networking as a covert communication technology is a considerable threat to computer security." For high-security computers that require audio, the researchers suggest sound-filtering as a way to block covert acoustical attacks. For everyone else, simply disable your machine's audio.
Before you start worrying about your own machine, take a second to pity anyone you know in the computer security industry. The most secure computers in the world are completely isolated from other machines -- protected by "air gaps," with no Internet connection, no shared phone lines, nothing. Conventional wisdom goes that such computers are impossible to hack unless the hacker has direct, physical access to the machine. Or at least that was the conventional wisdom prior to the German discovery.
The Fraunhofer researchers started researching audio hacks after considering how malicious hackers might break into these highly secure systems and computers. In their paper's introduction, they note that hackers of the past often used "parts of the operating system that were not considered for communication" to insert malicious data into otherwise highly secure systems.
The researchers adopted the mindset of a hacker when designing a sound-only hack for stealing data from deliberately isolated computers. Audible noises could in theory be used to pass data between such computers and the "hacker" computer, but the researchers, wishing to remain as inconspicuous as hackers, instead chose to use sounds at a frequency inaudible to human ears (similar to the noise made by dog whistles).
Building upon preexisting technology used to transmit data under water by sound waves, the researchers were able to use the microphone and speakers in an unmodified Lenovo T400 personal computer to transmit small amounts of information -- keystrokes in the test case, though the hack could also transmit encryption keys, small text files and even passwords -- from an isolated computer to a compromised one. The researchers also tested the range of audio hack, and found that on unmodified computers, the method worked for distances up to 65 feet -- a range which can be expanded almost indefinitely with use of special "mesh networks," which can wirelessly transmit audio long distances.
The conclusion? According to the study, "acoustical networking as a covert communication technology is a considerable threat to computer security." For high-security computers that require audio, the researchers suggest sound-filtering as a way to block covert acoustical attacks. For everyone else, simply disable your machine's audio.