Researchers Build Covert Acoustical Mesh Networks In Air

An anonymous reader writes "Researchers at Fraunhofer FKIE, Germany have presented a paper on covert acoustical communications between laptop computers. In their paper 'On Covert Acoustical Mesh Networks in Air', they describe how acoustical communication can be used to secretly bridge air gaps between computers and connect computers and networks that are thought to be completely isolated from each other. By using ad-hoc routing protocols, they are able to build up a complete mesh network of infected computers that leaks data over multiple hops. A multi-hop acoustical keylogger is also presented where keystrokes are forwarded to an attacker over multiple hops between different office rooms. The fundamental part of the communication system is a piece of software that has originally been developed for acoustic underwater communications. The researchers also provide different countermeasures against malicious participation in a covert acoustical network. The limitations of air gaps have been discussed recently in the context of a highly advanced malware, although reports on this so-called badBIOS malware could not yet be confirmed."

Apple already sells this

[ArcadeMan]

It's called AirPort.

Re:Apple already sells this

[ArcadeMan]

Vibrations of air, like the woosh that just went over your head?

Lock down I/O

[l2718]

An "air gap" means making sue a computer cannot exchange information with other computers. LAN is one way to do so, but other sensors on the computer can be used for input, and other devices for output. Is it really a surprise that the microphone on a computer can be used as an input device?

Re:Lock down I/O

[marcello_dl]

You mean downgrade? what about the old desktop box with no mic, an easily detachable and crappy speaker for beep, no wireless stuff integrated into the CPU as an anti theft device, no official wireless modem, and always-on fans at a fixed speed (to stop in his track the resourceful black hat that one day will try malicious communication over fan freq.).

Air Gaps are Evil

[TechyImmigrant]

Air gaps are a liability. They do not work as advertised. Covert audio channels have nothing to do with it.

When you put a computer in a faraday cage with an air gap, you still need to computer to have some input and output in order to be useful.
So the air gap requires that a human periodically walks into the room and interacts with the machine. At this point, the options for undermining the security of the system have gone up exponentially.

The reality of air gaps is that key signing ceremonies take place with several people packed in the room, while CDs are passed back and forth and put in the machine holding the CSRs, the software and signed certs.

If you instead had a wire to the machine in the room, you could monitor the transactions over the wire. You could ensure a non turing complete language is used in the wire protocol. You can deny humans access. You can apply defense in depth to a wire. No so much to a room full of humans.

Air gaps are evil.

Re:Air Gaps are Evil

[mlts]

The perfect is the enemy of the good.

Air gaps may not be perfect. If one gets physical access, then things are hosed. However it does do a good job at removing an entire type of attack, i.e. from remote. An attacker would have to have a "boots on the ground" presence in order to get software on the machine to use audio as a media layer with another machine to decode it.

Yes, it can be a threat, but it doesn't completely negate the benefits of air-gapping, and it is still prudent to keep the key signing boxes well off any network.

As always, if someone has access, no matter how sophisticated the defense, it likely can be bypassed somehow.

Some Technical Details.

[Jah-Wren+Ryel]

They used Lenovo T400 laptops which are circa 2008 models, no extra audio hardware. They could do 20bits/sec over nearly meters 20 meters if they had line-of-site between the laptops.

This is really, really simple to understand

[nctritech]

Without the software required to use the hardware for communication, the communication doesn't work. If your air-gapped computer has not been infected prior to air-gapping, this simply can't work. I can smell conspiracy theorists a mile away with "but what about malicious BIOSes or pre-infected hardware designs or..." and the solution for all of those remains the same: if it's that big of a concern, remove it from the computer. Rip open the laptop and disconnect or desolder the speakers and microphone, and while you're in there you can heat-gun off the magnetics for the network card and all the external USB port connectors. If you're gonna do paranoid, you might as well do it right.

Re:band pass filters

You're both uninformed. Computers don't lack filters. There are analog low pass filters on all audio inputs, because they're necessary (see the Nyquist/Shannon sampling theorem). The thing is, the cutoff frequencies are necessarily above the audible range, because there are no perfect "brick-wall" filters. For systems with sampling rates higher than 44.1kHz, the cutoff frequencies are far above the audible range. Otherwise what would be the point of providing the high sampling rate? Yes, it's audiophile hocus-pocus, but people buy it. None of this is relevant to the topic though, because the researchers used frequencies which are theoretically audible. But most adults don't hear much above 15kHz, so they don't notice these "audible" frequencies. When TVs were still called "tube", did you hear a high pitched sound in TV stores? If not, your audible range is already significantly diminished. The horizontal frequency is ca. 16kHz and the oscillating magnetic field caused parts in some TV sets to vibrate and emit noise at that frequency.