The Computer Security Threat From Ultrasonic Networks
KentuckyFC (1144503) writes Security researchers in Germany have demonstrated an entirely new way to attack computer networks and steal information without anybody knowing. The new medium of attack is ultrasonic sound. It relies on software that uses the built-in speakers on a laptop to broadcast at ultrasonic frequencies while nearby laptops listen out for the transmissions and pass them on, a set up known as a mesh network. The team has tested this kind of attack on a set of Lenovo T400 laptops infected with key-logging software. They say it is possible to transmit ultrasonic signals covertly at data rates of 20 bits per second at distances of up to 20 metres in an office environment. Interestingly, the team created the covert system by adapting a protocol designed for underwater acoustic communication. They've also tested various strategies for defeating this kind of attack. An obvious option is to disable all speakers and microphones but this also prevents ordinary activities such as VOIP communication. Instead, they suggest filtering the audio signals to prevent ultrasonic transmissions or converting them into an audible frequency. This may be newer than most attack vectors, but it's not the first time that ultrasonic transmission has been demonstrated as a vulnerability; in November of last year we mentioned malware operating along the same lines, as investigated by Pwn2Own creator Dragos Ruiu.
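The audio-filtering countermeasure mentioned in the summary, sketched as an added example (not the researchers' code and not part of the original story): a low-pass FIR filter strips a near-ultrasonic carrier while leaving audible content intact, and a Goertzel probe measures the band before and after. The 48 kHz sample rate, 17 kHz cutoff, 21 kHz carrier and 1 kHz "voice" tone are assumptions chosen for illustration; the signals are constructed.

```python
import math

FS = 48_000      # assumed sample rate (Hz)
CUTOFF = 17_000  # assumed low-pass cutoff, below the near-ultrasonic band
TAPS = 101       # FIR length (odd, so the filter has a centre tap)

def tone(freq, n, amp=1.0):
    return [amp * math.sin(2 * math.pi * freq * i / FS) for i in range(n)]

def goertzel_power(samples, freq):
    """Power at a single frequency (Goertzel), normalised by length squared."""
    coeff = 2 * math.cos(2 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (len(samples) ** 2)

def lowpass_taps(cutoff=CUTOFF, taps=TAPS):
    """Hamming-windowed sinc low-pass FIR, normalised to unity gain at DC."""
    fc, mid = cutoff / FS, (taps - 1) / 2
    h = []
    for i in range(taps):
        k = i - mid
        sinc = 2 * fc if k == 0 else math.sin(2 * math.pi * fc * k) / (math.pi * k)
        h.append(sinc * (0.54 - 0.46 * math.cos(2 * math.pi * i / (taps - 1))))
    total = sum(h)
    return [v / total for v in h]

def fir(samples, h):
    """Direct-form convolution, trimmed to the fully overlapped region."""
    n = len(h)
    return [sum(h[j] * samples[i - j] for j in range(n))
            for i in range(n - 1, len(samples))]

def demo():
    n = 4800                        # 0.1 s of constructed audio
    voice = tone(1_000, n)          # stand-in for legitimate audible audio
    carrier = tone(21_000, n, 0.2)  # stand-in for a covert near-ultrasonic carrier
    mixed = [a + b for a, b in zip(voice, carrier)]
    clean = fir(mixed, lowpass_taps())
    return {
        "carrier_before": goertzel_power(mixed, 21_000),
        "carrier_after": goertzel_power(clean, 21_000),
        "voice_before": goertzel_power(mixed, 1_000),
        "voice_after": goertzel_power(clean, 1_000),
    }

if __name__ == "__main__":
    print(demo())
```

The same Goertzel probe, run on microphone input across the band above the cutoff, doubles as a simple detector for sustained near-ultrasonic energy.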
WTF? That's a covert communication channel, not an attack.
At least the original source gets that right. But what idiot writes the slashdot version of the article?
I worked on a COMSEC job back in the '90s, and both our device and our building (particularly the windows) had countermeasures for this kind of attack.
Perhaps this is a new thing for garage hackers, but intelligence agencies have known about it for decades.
The easiest way to eliminate this threat is to lock down hardware sampling rates such that ultrasonic frequencies cannot be reliably reproduced (e.g. in the BIOS), and allow the user to flip the switch for higher rate support. At least, that's the first idea that came to mind. I'm sure it's not perfect, but it's better than "kill all audio!"
Obviously anything that is vulnerable to software tampering is less secure than some elegant hardware based solution; but surely one could apply ACLs to the audio device, to at least ensure that only suitably blessed applications can interact with it? Doesn't stop a root/kernel level exploit, or a blessed application being subverted; but right now, the default is that any program that can run can make noises, which is certainly easier to slip malice through.
For this to work, the computers must already be 'owned', the fact the computers can communicate 20 meters with another infected machine is the least of the worries if you ask me.
Probably the same one who wrote a similar article about a year back.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
The folks who designed my desktop computer were really thinking ahead on this one: it was built without a speaker. Besides enhancing security, an auxiliary benefit of their clever "no-speaker defense" is that it saved the manufacturer cost and space.
The easiest way to eliminate this threat is to lock down hardware sampling rates such that ultrasonic frequencies cannot be reliably reproduced
Nope. The easiest way to eliminate this threat is to keep a pet bat next to your computer to scramble any ultrasonic transmission.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Headphones. Or dummy jack-plugs.
So one infected computer talks to another via this method and the other computer is infected with code that interprets it. How about just use the malicious code on the 2nd computer to do whatever you were going to do with it? For network transmission, obviously just use encryption or a web server in the middle or something.
Dragos Ruiu's findings from last year were never able to be reproduced by an outsider, and were highly suspect. Sometimes you can be a brilliant security guy, and also a delusional paranoid-- and I think the general consensus was that in that scenario, Dragos was being delusionally paranoid.
The idea that various laptop speakers (all of varying and generally poor quality) will be able to reliably form a wireless network is really far-fetched, no matter how you cut it. Every laptop's mic is different, the speakers are all in different locations, some mics are gonna be off, the acoustics of the room are unknown....
There's just no way for this to reliably work.
I was under the impression that while humans mostly cannot hear ultrasonic sounds, the existence of them can be perceived as a kind of "texture" to other sounds that we can hear. Removing these frequencies altogether from all sound sources can make stuff sound more artificial.
I have not researched the subject a lot, but these are what I have read across the many years of the discussion reemerging.
Personally, if I listen to a 256kbit MP3, then switch back to FLAC, I hear a slight difference, but it's hard to pinpoint. But if I have one ear listening to the MP3 and the other ear listening to the FLAC, the distinction is HUGE. A lot of the difference is in the highs, and that's with my crappy integrated sound card and semi-decent headphones.
You know, because the sound card probably isn't working right anyway (and forget about the mic).
(Joking, joking...built-in and USB soundcards work just fine on all my Linux computers.)
What is it? What is it, girl? Someone running a covert mesh network? Where's it coming from?
Prisencolinensinainciusol. Ol Rait!
Ah, but you're missing an entire other defensive mechanism. One that, I will point out, did not escape the genius of Apple. Recall the recent angst about Apple's acquisition of Beats Audio. The two theories judged most likely centered around either gratuitously spending money to annoy the Slashdot hive mind or strategically buying up an inconsequential streaming audio business. Of course, careful consideration (yes, I understand that contradiction here) would lead one to realize that neither is very likely, so I offer a more technically sound rationale:
If you've ever listened to a set of Beats headphones, the second thing you notice (the first is that they are ugly and cheap) is that it is engineered to be unable to pass frequencies higher than 4000 Hz. You're not going to hear a set of cymbals or a piccolo to save your life.
So, these nefarious persons can attempt to stuff whatever data they'd like into the higher registers - it will do them no good at all. You don't need complex software rules, you don't need specially constructed DACs. You just need bass. Furthermore, if all you are going to do is to listen to DC to 4 kHz noise, you don't need a particularly robust audio platform to do it (like an iPhone). And, as an added bonus, this limited bandwidth will save on your precious monthly allotment of data.
Apple has you covered, folks.
Faster! Faster! Faster would be better!
I was wondering how this speed compared to a telegraph operator sending Morse Code. Googling about, words per minute, based on the standard five characters per word plus spaces and punctuation, works out to about bps * 1.2.
http://superuser.com/questions...
So 20 bps is about 24 words per minute. Compare this to a skilled telegraph operator, who can manage 40 wpm.
http://en.wikipedia.org/wiki/M...
So yeah, it's slow, BUT for keylogging it couldn't keep up only if users typed constantly, which they don't. Plenty of time in between to do some catch up.
Prisencolinensinainciusol. Ol Rait!
I was under the impression that while humans mostly cannot hear ultrasonic sounds, the existence of them can be perceived as a kind of "texture" to other sounds that we can hear. Removing these frequencies altogether from all sound sources can make stuff sound more artificial.
The timbre of any sound is due to harmonics -- frequencies higher than the fundamental. MP3 and other lossy compression schemes do indeed remove some of the quieter harmonics. However, if the harmonics are outside the hearing range, well, then you can't hear them.
However, there may be nonlinear effects which convert some of the ultrasound to lower frequencies. Also, when a frequency exceeds the Nyquist limit (half the sampling rate), it is aliased to a frequency within the sampling range. (Hence "anti-aliasing", which is simply filtering out too high frequencies to prevent this effect.)
Escher was the first MC and Giger invented the HR department.
Depends on the data, doesn't it?
If I've installed something which is designed to capture passwords, your 20 bits/sec means I can transmit your password in just a few seconds.
So if all it does is say "got it, user X has this password" ... that can be pretty valuable and is likely do-able in under 30 seconds.
This may not be an attack, but it is an attack vector.
Lost at C:>. Found at C.
the senior engineers that tested the system consider it undetectable. The intern just smiled and said nothing...
Nullius in verba
The amount of serious discussions of how to mitigate this "attack" above this comment saddens me. If you have rogue software on your computer, severing one of the least efficient communication channels I've heard of is not going to be helpful.
Over 5 million people in the US hold secret-level or higher security clearances. Nearly all of them have work that involves classified computer systems, ALL of which are air-gapped. And that doesn't even count commercial applications where the company is concerned about industrial espionage.
Your objections here only display your ignorance, not your wisdom.
BTW, you've met at least one now.
I will take the 5 million number at face value.
I laugh at the idea that nearly all of those people access classified computer systems.
And the idea that they're all air gapped? That's just complete bullshit, as recent history has shown.
The two theories judged most likely centered around either gratuitously spending money to annoy the Slashdot hive mind
Yes, it's amazing what money tech companies will spend to piss off the average slashdotter. We truly are special.
Linux, you magnificent bastard, I read the fucking manual!
48kHz (98kHz sample rate) is only one octave higher than 24kHz (48kHz sample rate). I most certainly can hear that difference.
And even if we couldn't hear it, audio engineers still need it. Even one octave below the Nyquist limit, you can still lose up to 30% of your original signal.
Wonder what the public key field is for?
Most music these days is not produced via an analog signal to a microphone. Rather, a digital process creates an analog waveform in software like Ableton Live, Cubase, etc. If an overtone or other sonic artifacts are applied, you can definitely hear the effects on the music even though these are at high frequencies.
Speakers are graded for quality using the "Klippel" test, which measures amount of distortion and how clean the signal comes out at various frequencies. With good speakers, you should be able to have a conversation right in front of them at loud volume, and not have to speak loudly or bring up your voice to clearly understand the person. That is because the audio waveform will be clean and not distort other frequencies.
You use profanity to refer to audiophiles and you clearly have no idea what you're talking about. 96 or 192kHz sampling rate doesn't have much to do with frequency response, which is what we are talking about.
Of course I use profanity. Audiophiles are fucking morons. They're dumber than people who wage political campaigns against vaccines. People who are afraid of vaccines at least have minor blips of correlation to base their fears off of, while the science simply shows no connection. Audiophiles have hard science and experimental data that actually proves they're wrong.
I'm not talking about frequency response, I'm talking about sample rate because the person I was replying to was talking about sample rate in relation to FLAC, MP3, etc., and the discussion thread is about limiting the sample rate of the sound card. Please read before you post.
Most music these days is not produced via an analog signal to a microphone. Rather, a digital process creates an analog waveform in software like Ableton Live, Cubase, etc. If an overtone or other sonic artifacts are applied, you can definitely hear the effects on the music even though these are at high frequencies.
You're wrong about music production as well. People play instruments and they're recorded. There's a lot of digital manipulation, and lots of canned or digitally-generated samples are used, with some bands/artists using more than others, but the vast majority is still sourced from people playing instruments and singing into microphones. Regardless, none of this has anything to do with music - it simply has to do with sound and the reproduction thereof. You CANNOT hear any frequencies higher than 20 kHz. If there is a 99 kHz tone in the room interfering with things, you hear the interference pattern's effects in the human-audible range. You do not hear the 99 kHz tone. Everything you hear is within the human-audible range, and double that is enough to transparently reproduce any sound a human could ever hear.
Speakers are graded for quality using the "Klippel" test, which measures amount of distortion and how clean the signal comes out at various frequencies. With good speakers, you should be able to have a conversation right in front of them at loud volume, and not have to speak loudly or bring up your voice to clearly understand the person. That is because the audio waveform will be clean and not distort other frequencies.
Now this is just complete bullshit. If you can hear the speaker it is producing a pressure wave. If one speaker is a box and one speaker is a human they're still both producing pressure waves. When two pressure wavefronts collide, such as at your ear when you're hearing them, they interfere. A speaker's quality is measured by its ability to reproduce the input signal. For all speakers humans listen to, the highest frequency that matters is 20 kHz. You cannot hear anything higher than that. You are not special. Any audible interference from higher frequency sources is already baked into the signal, and a doubled sampling rate covers any aliasing. A speaker's quality has nothing to do with your ability to engage in conversation in front of the speaker. If I output the inverse of what you're saying people wouldn't be able to hear you, by design. If I output exactly what you were saying people would be able to hear you more loudly. If I output X people's ability to hear you depends entirely on the interference between X and what you're saying and their own brain being able to concentrate and fill in gaps. The speaker's quality has to do with how well X matches the input. There is no connection between your conversation and the speaker's quality.
Every couple of years when I get my hearing test, the frequency response plot stops at 20kHz and the actual test signals stop at 18kHz. Because people can't hear higher than that.
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"