Computer scientists have developed an audio malware prototype that’s capable of establishing communication between devices that do not have an active network connection, Ars Technica reports. Instead, the lab-created malware uses the built-in microphones and speakers to send out a high-frequency signal from an infected computer to a different source. While it has limited use and can only send 20 bits of data per second to up to 65 feet the audio malware concept can still be used to send out significant data, including user and passwords for certain systems. Additionally, the distance can be increased by adding more attacker-controlled devices to repeat the audio signal.
The research, published in the Journal of Communications, proves that computers that aren’t connected to a network and should theoretically be protected by an “air-gap” between them and the outside world aren’t necessarily safe, as hackers or governments could use such advanced tech to snoop on highly guarded secrets and even initiate certain actions on those air-gapped PCs.
A recent badBIOS malware discovery led one researcher to conclude that such malware that’s capable of travelling between two unconnected computers may already exist. Dragos Ruiu observed the phenomenon in his labs and studied it for three years, concluding that the unknown malware he spotted can spread through USB sticks and attack the target at a BIOS level. Furthermore, the malware could travel between computers by using only airwaves when a different connection isn’t available.
However, the new audio malware research submitted by the Fraunhofer Institute for Communication, Information Processing and Ergonomics is independent of Ruiu’s discoveries.