Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Computer Security Threat From Ultrasonic Networks

Posted by timothy on from the why-your-bats-are-going-crazy dept.

KentuckyFC (1144503) writes Security researchers in Germany have demonstrated an entirely new way to attack computer networks and steal information without anybody knowing. The new medium of attack is ultrasonic sound. It relies on software that uses the built-in speakers on a laptop to broadcast at ultrasonic frequencies while nearby laptops listen out for the transmissions and pass them on, a set up known as a mesh network. The team has tested this kind of attack on a set of Lenovo T400 laptops infected with key-logging software. They say it is possible to transmit ultrasonic signals covertly at data rates of 20 bits per second at distances of up to 20 metres in an office environment. Interestingly, the team created the covert system by adapting a protocol designed for underwater acoustic communication. They've also tested various strategies for defeating this kind of attack. An obvious option is to disable all speakers and microphones but this also prevents ordinary activities such as VOIP communication. Instead, they suggest filtering the audio signals to prevent ultrasonic transmissions or converting them into an audible frequency. This may be newer than most attack vectors, but it's not the first time that ultrasonic transmission has been demonstrated as a vulnerability; in November of last year we mentioned malware operating along the same lines, as investigated byPwn2Own creator Dragos Ruiu.

12 of 121 comments (clear)

  1. A (hidden) communication channel is not an attack by thospel · · Score: 5, Insightful

    WTF ? That's a covert communication channel, not an attack.
    At least the original source gets that right. But what idiot writes the slashdot version of the article?

  2. Not that new by T.E.D. · · Score: 4, Informative

    I worked on a COMSEC job back in the '90s, and both our device and our building (particularly the windows) had countermeasures for this kind of attack.

    Perhaps this is a new thing for garage hackers, but intelligence agencies have known about it for decades.

    1. Re:Not that new by slew · · Score: 3, Insightful

      FWIW, Back in the 90's people were also worried about tempest-like stuff (e.g., EM emissions), but simply disabling the speakers isn't enough to inhibit the sonic transmission path. Electronics can "hum" at ultra-sonic frequencies (and fans can transmit audible frequencies), so by running of a suitable thermal virus actions, it is possible to leak information from a previously compromised machine that was not network connected.

      However, disabling the microphone would certain make it harder to control such a compromised, air-gapped machine...

  3. Does it really matter? by mrspoonsi · · Score: 4, Insightful

    For this to work, the computers must already be 'owned', the fact the computers can communicate 20 meters with another infected machine is the least of the worries if you ask me.

  4. Re:Hardware sampling rates by Rosco+P.+Coltrane · · Score: 4, Funny

    The easiest way to eliminate this threat is to lock down hardware sampling rates such that ultrasonic frequencies cannot be reliably reproduced

    Nope. The easiest way to eliminate this threat is to keep a pet bat next to your computer to scramble any ultrasonic transmission.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  5. Fix by Bazman · · Score: 3, Insightful

    Headphones. Or dummy jack-plugs.

  6. "Threat" from last year??? by LordLimecat · · Score: 3, Insightful

    Dragos Ruiu's findings from last year were never able to be reproduced by an outsider, and were highly suspect. Sometimes you can be a brilliant security guy, and also a delusional paranoid-- and I think the general consensus was that in that scenario, Dragos was being delusionally paranoid.

    The idea that various laptop speakers (all of varying and generally poor quality) will be able to reliably form a wireless network is really far-fetched, no matter how you cut it. Every laptop's mic is different, the speakers are all in different locations, some mics are gonna be off, the acoustics of the room are unknown....

    Theres just no way for this to reliably work.

    1. Re:"Threat" from last year??? by Anonymous Coward · · Score: 3, Insightful

      > Every laptop's mic is different, the speakers are all in different locations, some mics are gonna be off, the acoustics of the room are unknown....

      Says the guy demonstrating his utter lack of knowledge about DSP. All of those things can be compensated for with the right software, The price is simply reduced throughput. But when you've got days or weeks to run because no one even knows to look for you, even just 1bps can be sufficient.

      Dragos being right or wrong says absolutely nothing about the viability of these techniques, only about his particular circumstances.

  7. Linux not susceptible to attack by by+(1706743) · · Score: 4, Funny

    You know, because the sound card probably isn't working right anyway (and forget about the mic).

    (Joking, joking...built-in and USB soundcards work just fine on all my Linux computers.)

  8. Solution: office dog by RevWaldo · · Score: 5, Funny

    What is it? What is it, girl? Someone running a covert mesh network? Where's it coming from?

    .

    --
    Prisencolinensinainciusol. Ol Rait!
  9. Re:Hardware sampling rates by ColdWetDog · · Score: 3, Funny

    Ah, but you're missing an entire other defensive mechanism. One that, I will point out, did not escape the genius of Apple. Recall the recent angst about Apple's acquisition of Beats Audio. The two theories judged most likely centered around either gratuitously spending money to annoy the Slashdot hive mind or strategically buying up an inconsequential streaming audio business. Of course, careful consideration (yes, I understand that contradiction here) would lead one to realize that neither is very likely, so I offer a more technically sound rationale:

    If you've ever listened to a set of Beats headphones, the second thing you notice (the first is that they are ugly and cheap) is that it is engineered to be unable to pass frequencies higher than 4000 Hz. You're not going to hear a set of cymbals or a piccolo to save your life.

    So, these nefarious persons can attempt to stuff whatever data they'd like into the higher registers - it will do them no good at all. You don't need complex software rules, you don't need specially constructed DACs. You just need bass. Furthermore, if all you are going to do is to listen to DC to 4 kHz noise, you don't need a particularly robust audio platform to do it (like an iPhone). And, as an added bonus, this limited bandwidth will save on your precious monthly allotment of data.

    Apple has you covered, folks.

    --
    Faster! Faster! Faster would be better!
  10. Re:Hardware sampling rates by TeknoHog · · Score: 4, Interesting

    I was under the impression that while humans mostly cannot hear ultrasonic sounds, the existence of them can be perceived as a kind of "texture" to other sounds that we can hear. Removing these frequencies all together from all sounds sources can make stuff sounds more artificial.

    The timbre of any sound is due to harmonics -- frequencies higher than the fundamental. MP3 and other lossy compression schemes do indeed remove some of the quieter harmonics. However, if the harmonics are outside the hearing range, well, then you can't hear them.

    However, there may be nonlinear effects which convert some of the ultrasound to lower frequencies. Also, when a frequency exceeds the Nyquist limit (half the sampling rate), it is aliased to a frequency within the sampling range. (Hence "anti-aliasing", which is simply filtering out too high frequencies to prevent this effect.)

    --
    Escher was the first MC and Giger invented the HR department.