
Researchers Build Covert Acoustical Mesh Networks In Air

samzenpus posted about 10 months ago | from the protect-ya-neck dept.

Security 107

An anonymous reader writes "Researchers at Fraunhofer FKIE, Germany have presented a paper on covert acoustical communications between laptop computers. In their paper 'On Covert Acoustical Mesh Networks in Air', they describe how acoustical communication can be used to secretly bridge air gaps between computers and connect computers and networks that are thought to be completely isolated from each other. By using ad-hoc routing protocols, they are able to build up a complete mesh network of infected computers that leaks data over multiple hops. A multi-hop acoustical keylogger is also presented where keystrokes are forwarded to an attacker over multiple hops between different office rooms. The fundamental part of the communication system is a piece of software that has originally been developed for acoustic underwater communications. The researchers also provide different countermeasures against malicious participation in a covert acoustical network. The limitations of air gaps have been discussed recently in the context of a highly advanced malware, although reports on this so-called badBIOS malware could not yet be confirmed."


107 comments


Apple already sells this (3, Funny)

ArcadeMan (2766669) | about 10 months ago | (#45516507)

It's called AirPort.

Re:Apple already sells this (0)

Anonymous Coward | about 10 months ago | (#45516561)

Acoustic means with hearing.

Not EM, but vibrations of air.

Re:Apple already sells this (4, Funny)

ArcadeMan (2766669) | about 10 months ago | (#45517139)

Vibrations of air, like the woosh that just went over your head?

Re:Apple already sells this (0)

Anonymous Coward | about 10 months ago | (#45517359)

Apple fanboys would claim that Apple invented air, so I wouldn't be surprised.

Re:Apple already sells this (1)

Anonymous Coward | about 10 months ago | (#45517647)

Everyone knows IBM created air.

Apple just made it cool to breathe.

Re:Apple already sells this (0)

Anonymous Coward | about 10 months ago | (#45517965)

Everyone knows IBM created air.

I thought that was Adobe.

Re:Apple already sells this (1)

davester666 (731373) | about 10 months ago | (#45520521)

No. Adobe makes it suck.

Re:Apple already sells this (0)

Anonymous Coward | about 10 months ago | (#45518179)

Maybe he just didn't think the joke actually worked.

Three words: (0)

Anonymous Coward | about 10 months ago | (#45516519)

White noise generator

Re:Three words: (0)

Anonymous Coward | about 10 months ago | (#45516733)

At what power?

Re:Three words: (1)

TechyImmigrant (175943) | about 10 months ago | (#45516783)

Two words: Walsh codes

Re:Three words: (0)

Anonymous Coward | about 10 months ago | (#45516893)

At what power?
(This exact comment has already been posted. Try to be more original...)

Re:Three words: (1)

TechyImmigrant (175943) | about 10 months ago | (#45517639)

Enough energy per bit to do what needs doing.

Re:Three words: (2)

Minwee (522556) | about 10 months ago | (#45518065)

Good idea. You could turn up the noise level to defeat just about anything, and then call it The Cone Of Silence [youtube.com] .

Who could possibly object to that?

Re:Three words: (1)

TechyImmigrant (175943) | about 10 months ago | (#45519053)

You don't have to turn up the noise level. Just run quieter symbols for longer and add bucketloads of FEC.

 

Re:Three words: (0)

Anonymous Coward | about 10 months ago | (#45521719)

White noise generator

How about- don't hook up any speakers or microphones in the first place?

Obama lies (-1)

Anonymous Coward | about 10 months ago | (#45516533)

Who knew?

http://www.cnn.com/2013/11/22/politics/obamacare-subsidies

"One of the basic tenets of Obamacare is that the government will help lower-income Americans -- anyone making less than about $45,900 a year -- pay for the health insurance everyone is now mandated to have.

But a CNN analysis shows that in the largest city in nearly every state, many low-income younger Americans won't get any subsidy at all. "

I know, it's hard to believe, I couldn't believe it myself.

It seems like this Obama guy may not really have the best interests of the country in mind after all. Boy did he ever fool me!

Re:Obama lies (-1, Offtopic)

phantomfive (622387) | about 10 months ago | (#45516639)

Did you read the article? It says, "But if the baseline plan is cheap enough, the formula is thrown off and the subsidy is zero."

Basically, if it's cheap enough that you should be able to afford it, then you don't need a subsidy. Obamacare has problems, sure, but in that instance it's an improvement over giving a subsidy blindly to people who don't need it.

Re:Obama lies (-1)

Anonymous Coward | about 10 months ago | (#45516703)

"if it's cheap enough that you should be able to afford it, then you don't need a subsidy"

Oh I read the article. All the Obamacare plans are in the order of 2 to 4x the cost of pre-Obamacare plans, not to mention deductibles going through the roof.

But that's not the point, Obama promised to reduce the cost of insurance and he lied about it. The new "lower cost plans" are higher than they were before!

Re:Obama lies (1)

Anonymous Coward | about 10 months ago | (#45518409)

How much are you getting paid for this offtopic claptrap on every post? At least the "Cruz Control" guy who spews stuff how NASA should be privatized, has tried to make posts fairly relevant to the topic at hand before going into how deeply in debt we are in with China.

There was a tenet from the old Soviets. Tell a lie often enough, and people will start believing it. Guess this is working.

Re:Obama lies (0)

Anonymous Coward | about 10 months ago | (#45518621)

"Tell a lie often enough, and people will start believing it. Guess this is working."

It's not just a Soviet axiom, it's also part of Alinsky's rules. So I take it you see right through the bullshit then huh? Yes Obama knows his Alinsky as well as anyone could.

“If you push a negative hard enough, it will push through and become a positive.”

Lock down I/O (3, Funny)

l2718 (514756) | about 10 months ago | (#45516577)

An "air gap" means making sure a computer cannot exchange information with other computers. LAN is one way to do so, but other sensors on the computer can be used for input, and other devices for output. Is it really a surprise that the microphone on a computer can be used as an input device?

Re:Lock down I/O (2)

K. S. Kyosuke (729550) | about 10 months ago | (#45516657)

I guess it's time for us to upgrade to vacuum-gapped computers.

Re:Lock down I/O (4, Insightful)

marcello_dl (667940) | about 10 months ago | (#45517045)

You mean downgrade? What about the old desktop box with no mic, an easily detachable and crappy speaker for beep, no wireless stuff integrated into the CPU as an anti theft device, no official wireless modem, and always-on fans at a fixed speed (to stop in his tracks the resourceful black hat that one day will try malicious communication over fan freq.).

Re:Lock down I/O (1)

sjames (1099) | about 10 months ago | (#45518137)

Make sure there's plenty of air in that gap though so one machine can't communicate by busying and idling its CPUs to alter air temp.

Then lock down your "not security critical" read only monitors for power consumption etc. Also your security cameras lest someone have fun with the location lights.

Re:Lock down I/O (0)

Anonymous Coward | about 10 months ago | (#45521157)

Not just air temperature, but the operation of your CPU creates sound. Analyzing it is called acoustic cryptanalysis, and researchers have done some amazing things, like cracking RSA keys. http://tau.ac.il/~tromer/acoustic/

These kinds of side-channel attacks have been well known for years. Using these same vectors for penetration, however, is novel and cool, but less interesting from a theoretical perspective. Cracking RSA with a microphone is more than a little harder than using said microphone to receive some data purposefully sent.

Re:Lock down I/O (0)

Anonymous Coward | about 10 months ago | (#45518161)

You forgot that old desktop boxes have those noisy floppy drives [youtube.com] ...

Re:Lock down I/O (0)

Anonymous Coward | about 10 months ago | (#45525227)

You'd better detach that crappy beep speaker. Reengineering a beep speaker as a microphone is an old-school hack.

Re:Lock down I/O (2)

Somebody Is Using My (985418) | about 10 months ago | (#45517111)

I see your vacuum-gapped computer and raise you a webcam + CAPSLock LED.

Re:Lock down I/O (2)

bhassel (1098261) | about 10 months ago | (#45517709)

I wonder what sort of bitrate you could get by modulating energy consumption...

Re:Lock down I/O (1)

freeze128 (544774) | about 10 months ago | (#45526297)

I trump your webcam with a SPACE Disco.

Checkmate!

Re:Lock down I/O (0)

Anonymous Coward | about 10 months ago | (#45518163)

Or give everybody separate soundproof rooms/offices instead of those crappy "open office"?

Re:Lock down I/O (1)

VVelox (819695) | about 10 months ago | (#45516757)

Nah. The surprising bit is the lack of bandpass filters.

Re:Lock down I/O (1)

viperidaenz (2515578) | about 10 months ago | (#45518157)

You're surprised someone cheapened out making consumer products?
If 5c can be saved per unit by taking out some capacitors and inductors, they'll do it.

Re:Lock down I/O (1)

fustakrakich (1673220) | about 10 months ago | (#45522399)

Somebody locked down Slashdot archives [slashdot.org] , but I broke through with my acoustic modem [slashdot.org] . The connection was kinda slow, hence the difference in time stamps

Space Gap (1)

Cold hard reality (1536175) | about 10 months ago | (#45516587)

Soon we'll have marketers pitching space-gapped machines, so even the acoustics are blocked.

Re:Space Gap (2)

OhSoLaMeow (2536022) | about 10 months ago | (#45517609)

Soon we'll have marketers pitching space-gapped machines, so even the acoustics are blocked.

Then one computer will display moving lips and another computer will read said lips.

I'm sorry Dave, I'm afraid I can't do that.

band pass filters (1)

VVelox (819695) | about 10 months ago | (#45516737)

I am really surprised so much in the way of audio electronics in computers lacks a bandpass filter to prevent interference from stuff outside of the audible spectrum.

Re:band pass filters (1)

n1ywb (555767) | about 10 months ago | (#45516817)

What interference? Why would any engineer add cost and complexity to a design by adding (previously considered) unnecessary filtering circuitry? We talking analog filters or digital filters? Passive or active? Skirt shapes? It's not as simple as "add filters. problem solved." Really, if you are security paranoid and you don't need them, remove the speakers and mic. Now the problem really is solved. You can always plug in a headset.

Re:band pass filters (3, Informative)

Anonymous Coward | about 10 months ago | (#45517769)

You're both uninformed. Computers don't lack filters. There are analog low pass filters on all audio inputs, because they're necessary (see the Nyquist/Shannon sampling theorem). The thing is, the cutoff frequencies are necessarily above the audible range, because there are no perfect "brick-wall" filters. For systems with sampling rates higher than 44.1kHz, the cutoff frequencies are far above the audible range. Otherwise what would be the point of providing the high sampling rate? Yes, it's audiophile hocus-pocus, but people buy it. None of this is relevant to the topic though, because the researchers used frequencies which are theoretically audible. But most adults don't hear much above 15kHz, so they don't notice these "audible" frequencies. When TVs were still called "tube", did you hear a high pitched sound in TV stores? If not, your audible range is already significantly diminished. The horizontal frequency is ca. 16kHz and the oscillating magnetic field caused parts in some TV sets to vibrate and emit noise at that frequency.

Re:band pass filters (0)

Anonymous Coward | about 10 months ago | (#45525545)

Thanks! It makes me physically ill when I walk into a cheap tv store with what I suspected was badly tuned oscillators of some kind but didn't know what. People did not believe me.

Re:band pass filters (2)

MightyYar (622222) | about 10 months ago | (#45516897)

Filters usually have some consequence. Something approaching an ideal low-pass filter can be applied to a recorded signal, since you can assume a zero level before and after the recording. But a real-time filter has to make compromises and will result in some kind of distortion (ringing artifacts mostly). You can improve things by adding a delay, but if this delay is too long then you run into latency problems for real-time applications like chat. I'm sure you could produce something of acceptable quality, but it wouldn't necessarily be trivial or transparent.

Re:band pass filters (1)

AK Marc (707885) | about 10 months ago | (#45517227)

The only computers I've ever owned with a built-in mic were laptops. Is this really a problem for secure computers? Do business-grade desktops all ship with microphones now?

Re:band pass filters (1)

jafac (1449) | about 10 months ago | (#45517409)

I guess that, IN THEORY, any speaker can be a microphone. If only there is a circuit that can read voltage levels induced on the speaker-coil by air vibrations on the membrane. (in hardware terms, you can just connect a speaker as a microphone - but in computer-terms, there probably is not the audio-input digitizer on that physical channel, on most audio boards).

Air Gaps are Evil (3, Interesting)

TechyImmigrant (175943) | about 10 months ago | (#45516759)

Air gaps are a liability. They do not work as advertised. Covert audio channels have nothing to do with it.

When you put a computer in a Faraday cage with an air gap, you still need the computer to have some input and output in order to be useful.
So the air gap requires that a human periodically walks into the room and interacts with the machine. At this point, the options for undermining the security of the system have gone up exponentially.

The reality of air gaps is that key signing ceremonies take place with several people packed in the room, while CDs are passed back and forth and put in the machine holding the CSRs, the software and signed certs.

If you instead had a wire to the machine in the room, you could monitor the transactions over the wire. You could ensure a non-Turing-complete language is used in the wire protocol. You can deny humans access. You can apply defense in depth to a wire. Not so much to a room full of humans.

Air gaps are evil.

Re:Air Gaps are Evil (1)

TheCarp (96830) | about 10 months ago | (#45517065)

The reality of air gaps is that key signing ceremonies take place with several people packed in the room, while CDs are passed back and forth and put in the machine holding the CSRs, the software and signed certs.

So because people often conduct their air gapped business in a flawed manner, air gaps are useless? Sorry, I don't follow.

Wouldn't it be better to....embrace the power of AND?

Have an air gap AND pre-compute QR codes or some other encoding that doesn't require the loading of potentially insecure media in order to verify/sign keys?

or

Use two machines, one for loading/verifying keys, with a serial line to a second box, set up to only allow file transfers in over the serial line.... transfer file... log on to console... sign.

Preferably (to limit possibilities for data exfiltration) have the serial cable be one-way only and use QR or similar to get signed keys back out.

Re:Air Gaps are Evil (2)

AK Marc (707885) | about 10 months ago | (#45517273)

You can have secure or usable, not both. And when you get so secure as to be unusable, the users will undermine security for usability. Air gaps are almost always done in a way that doesn't improve security.

QR Code viruses (1)

Tenebrousedge (1226584) | about 10 months ago | (#45522667)

The smallest viruses are well within the storage capacity of a QR code, and an exploit could be a mere handful of bytes; what makes you think that they are somehow inherently secure?

Re:QR Code viruses (1)

TheCarp (96830) | about 10 months ago | (#45522775)

Except that the QR codes are a replacement for using other, even more vulnerable media, which can hold gigabytes of extra payload.

You have to exchange key data somehow. It doesn't matter what encoding you use as long as everyone can read it and preferably without doing anything potentially unsafe, like mounting unknown filesystems on the most protected node.

Pretty sure I would take a QR code as an acceptable trade off between manually typing in key data for signing and mounting your usb drive (or mine on your system) to get it from you. If it meant I could avoid even mounting my own media, all the better.

Re:Air Gaps are Evil (4, Insightful)

mlts (1038732) | about 10 months ago | (#45517159)

The perfect is the enemy of the good.

Air gaps may not be perfect. If one gets physical access, then things are hosed. However it does do a good job at removing an entire type of attack, i.e. from remote. An attacker would have to have a "boots on the ground" presence in order to get software on the machine to use audio as a media layer with another machine to decode it.

Yes, it can be a threat, but it doesn't completely negate the benefits of air-gapping, and it is still prudent to keep the key signing boxes well off any network.

As always, if someone has access, no matter how sophisticated the defense, it likely can be bypassed somehow.

Mod parent up. (1)

khasim (1285) | about 10 months ago | (#45517701)

However it does do a good job at removing an entire type of attack, i.e. from remote.

Exactly. And Bruce Schneier has an excellent article on that concept. He calls it "attack trees".

https://www.schneier.com/paper-attacktrees-ddj-ft.html [schneier.com]

I think that the biggest problem here is that there isn't a recognized definition of "security" as it applies to computers.

Security is not about becoming invulnerable. That is impossible. Mostly because there is no "secure". There is only "more secure" or "less secure" than your starting point.

Improving security is, initially, about reducing the number of people who can EFFECTIVELY attack you. Then increase the number of people REQUIRED to attack you.

And that isn't even addressing the issue of whether you KNOW that you're being attacked and/or whether the data has been compromised.

Re:Air Gaps are Evil (1)

DavidTC (10147) | about 10 months ago | (#45523281)

Do you even have the slightest idea how key signing works?

People sign keys on their own computer. Because you sign someone's _public_ key (which of course is freely available over the internet, although obviously you should confirm it is their key before signing it) with your _private_ key.

There's no reason for _anyone_ to access anyone else's computer while signing keys.

But none of that has anything to do with air-gapped computers, which have exactly no role to play in this. Why? Because people do not take air-gapped computers places and leave them unattended. Hell, they probably don't ever take them places, period. That entire concept is perhaps the ultimate in absurdity.

I know it allows you to feel extremely smug imagining some sort of universe where some other smug idiots take air-gapped computers and set them up and _leave them unattended_ while running around handing out keys at a key signing party, and now you're smarter than them.

However, I am sad to say, you have literally just invented those people out of thin air.

There probably are people who have their PGP private keys on some air-gapped computer...and that air-gapped computer is almost certainly stashed in a safe at their house and otherwise never out of their sight. When they sign a key, they get handed it on CD or USB, and it's carried home with them, signed, and carried back out.(1)

Those people at key signing parties? _Those_ people are not air-gapped, and 99% of the time they're downloading everyone's key off the internet and everyone's just wandering by and confirming their hash.

1) Now, they do have to get the key from somewhere, which I guess in theory introduces some sort of security issue in that they are accessing something externally...but if their computer is so insecure as to be exploitable via inserted CD or USB then their computer is probably already hacked, and it's hard to imagine how that is a security issue while transferring things around a random network is not. You actually can confirm a USB device is legit. (Granted, there are firmware hacks and other fake USB things...but that's why you find some old random flash drive somewhere and use _that_ to actually transfer the files in and out. Or just get a DVD-RW.)

Some Technical Details. (4, Informative)

Jah-Wren Ryel (80510) | about 10 months ago | (#45516891)

They used Lenovo T400 laptops which are circa 2008 models, no extra audio hardware. They could do 20 bits/sec over nearly 20 meters if they had line-of-sight between the laptops.

Re:Some Technical Details. (2)

gl4ss (559668) | about 10 months ago | (#45517011)

was the earlier story about a researcher bitching about his laptop being hacked through this an advert for these guys?

well.. he claimed to have bios infection which did the airgap jump..

just that you can encode and decode information to and from audio isn't that much of a news.

Re:Some Technical Details. (1)

akozakie (633875) | about 10 months ago | (#45520697)

As far as I recall he claimed no such thing. He claimed that the malware updated through the air gap. Quite a different thing than hacking - you already have an audio-networking-capable software on both communicating boxes.

This would mean that malware using this technique is already in the wild. Quite an ad for someone offering any protection from this, but if confirmed - very interesting.

Re:Some Technical Details. (1)

bill_mcgonigle (4333) | about 10 months ago | (#45525449)

Quite an ad for someone offering any protection from this, but if confirmed - very interesting.

And now you know why infosec hackers play thrash metal all the time.

Re:Some Technical Details. (1)

Anonymous Coward | about 10 months ago | (#45522143)

well.. he claimed to have bios infection which did the airgap jump..

No, actually he did not. It was a variety of supposedly tech-savvy journalists with poor reading comprehension skills who made that claim.
What the original guy claimed (yes, I read his actual blog) was that once infected, the malware was using acoustical networking to maintain the infection while he was attempting to clean the system. He never made any claims that the acoustic networking was the original infection vector.

Re:Some Technical Details. (1)

AK Marc (707885) | about 10 months ago | (#45517307)

So they demonstrated bridging the "air gap" with a computer that can't be bought without a wireless card in it (at least through the channels I tried). How about a desktop. Most desktops don't come with microphones, and I don't see why you'd add one to a secure machine.

Re:Some Technical Details. (1)

pmontra (738736) | about 10 months ago | (#45517671)

But many people add mics to their desktops to use Skype and the like. Most desktops are not bought by people who know anything about security and even when there is an IT department, they still make conference calls with their computers and need a mic.

Anyway, maybe Vinge's Blight [wikipedia.org] will take over the world with an audio malware ;-)

Re: Some Technical Details. (2)

ceoyoyo (59147) | about 10 months ago | (#45521075)

Skype works extremely poorly on an air gapped machine.

Re: Some Technical Details. (1)

pmontra (738736) | about 10 months ago | (#45521161)

Mmm, you're right and I didn't pay attention. Sorry.

Re: Some Technical Details. (1)

DavidTC (10147) | about 10 months ago | (#45523367)

Now I'm imagining someone trying to transmit a Skype conversation over the air-gap via audio. Or just the audio, at least.

It seems extremely silly, but then I started thinking about a hypothetical audio bug that literally just relayed the audio _as_ encoded audio...but in a way that was easier to hear through walls and windows and stuff. Like pumping it at higher volume, but at frequencies we couldn't hear. Or doing it much slower (Presumably with some sort of voice activation so it would only record 8 hours of audio a day, or whatever, and could take 24 to play it back.) which would allow more error correction.

Everyone always talks about the higher-than-human audio frequencies, but I wonder...if you encode it tight enough, and can transmit audio 24/7 and it's not recording that much, could you possibly transmit it on _lower_ frequencies?

Of course, no one actually knows if this is workable but the CIA.

But transmitting data is easy if you can get someone inside where the data is. For example, I once had a weird idea for a bug that pretended to be a CFL bulb, but it would slightly modulate the light frequency in response to audio. I think intelligence services have actually done that sort of thing before, but it was amplitude modulation whereas I'm talking about frequency modulation.

Re:Some Technical Details. (1)

fast turtle (1118037) | about 10 months ago | (#45518651)

hell I didn't have to buy a fucking mic to use skype/google-talk/whatever as my god damn webcam includes one. Plug it in to video chat and I've got a live mic. Hell the damn thing is good enough for Dragon Speaking 10 to use it instead of a headset. Makes me wonder why this hasn't happened before (remember the movie Silent Running - Sci-fi http://en.wikipedia.org/wiki/Silent_Running [wikipedia.org] ) where the droids/bots were taught to play poker (cheated using sounds). That's from 72 and was probably produced in 70 (40+ yrs ago for the fucking concept). Seems that nobody bothers to read anything nowadays other than fucking comic books.

Shit as a kid, I used to read stuff like the "Hardy Boys", "Nancy Drew", Remember "Tom Swift?" along with F&SF/Galaxy/Analog and a whole rash of exotic fiction. Now get off my fucking lawn

Re:Some Technical Details. (0)

Anonymous Coward | about 10 months ago | (#45519303)

Someone still reads Tom Swift, or they wouldn't have named the TASER after him. (Thomas A. Swift's Electric Rifle), though the A. was added by Taser.

Re:Some Technical Details. (0)

Anonymous Coward | about 10 months ago | (#45519223)

Something about those laptops. I have a T61 and I've tested this. With the microphone disabled in BIOS it will still record audio. Much less sensitive, but try it, and then take a look in Audacity at it.

Re:Some Technical Details. (0)

Anonymous Coward | about 10 months ago | (#45525303)

So did they just flash the screen on and off and use the webcam to read it? ;-)

(yeah, yeah, I know it's not "acoustical", but then acoustical isn't a word, so who's to say that visual morse code isn't applicable?)

So I have to disable my audio hardware now? (2, Informative)

bobbied (2522392) | about 10 months ago | (#45516935)

Oh great... Can't you hackers just leave well enough alone?

I've had to disconnect my network cable, remove the wireless card, and disable all the USB ports to make my machine secure and now I have to disable the audio hardware too? Man, this is getting out of hand..

Seriously though... This is new how? We have been sending data using audio cards between computers for decades. I remember cranking up the cassette tape drive to load programs into my TRS-80 in high school and hooking up to an acoustic modem to get on dial up AOL. Recently I've used my computer to talk to another computer halfway around the world through an RF link provided by my ham radio. Hams routinely transfer "data" over packet, PSK and other modes over audio links using their audio cards in their computers.

Oh, wait, so the ad-hoc links are the new thing? Um, not so fast there either. Mesh networks have been around long enough to fall in and out of favor once or twice. Ham radio operators might know about HSMM Mesh http://www.broadband-hamnet.org/ [broadband-hamnet.org] has been doing mesh networks for nearly a decade, and the protocol it uses internally wasn't the first. So this is not new..

I conclude that NOTHING here is new, except perhaps combining an audio network link with a mesh networking protocol.... But I don't see that as ground breaking..

The only thing this will really do is make it necessary to disable/remove audio hardware from secure computers, just because somebody might try to use it for something stupid. Thanks guys (and gals if there are any working on this) for making my life harder...

Re:So I have to disable my audio hardware now? (1)

Theaetetus (590071) | about 10 months ago | (#45517079)

This is new how? We have been sending data using audio cards between computers for decades. I remember cranking up the cassette tape drive to load programs into my TRS-80 in high school and hooking up to an acoustic modem to get on dial up AOL. Recently I've used my computer to talk to another computer halfway around the world through an RF link provided by my ham radio. Hams routinely transfer "data" over packet, PSK and other modes over audio links using their audio cards in their computers.

Oh, wait, so the ad-hoc links are the new thing? Um, not so fast there either. Mesh networks have been around long enough to fall in and out of favor once or twice. Ham radio operators might know about HSMM Mesh http://www.broadband-hamnet.org/ [broadband-hamnet.org] has been doing mesh networks for nearly a decade, and the protocol it uses internally wasn't the first. So this is not new..

I conclude that NOTHING here is new, except perhaps combining an audio network link with a mesh networking protocol.... But I don't see that as ground breaking..

Maybe you missed the "covert" part. If your computer was hissing and whining away like a 56kbps modem to talk to the computer in the room next door, you'd probably notice.

... Although, maybe not, since it's the third word in the /. headline and second word in the article headline, and yet you still missed even this rudimentary visual communication.

Re:So I have to disable my audio hardware now? (1)

bobbied (2522392) | about 10 months ago | (#45517387)

You haven't been in my lab, it's pretty loud in there... Earplugs are standard and in fact are issued for free just inside the door. So, I might or might not hear a PSK conversation over the din. However, such an environment would not be very hospitable to acoustic communications in the first place. But I don't think that trying to be covert is going to do anything but lower your throughput to near useless.

Like in RF communications, AF links will need to have a minimum S/N ratio and bandwidth. If you keep the used frequency out of the normal audio range (say above 16 kHz where only a few folks might hear it) you are going to have to be loud enough and use enough bandwidth that it's going to be hard for even deaf old guys like me not to notice. You might get by me with a carrier centered on 16 kHz, but if you are trying to transfer data at any kind of useable data rate (say 9600 bps) you will have a minimum bandwidth of about 10 kHz. Keeping things above 16 kHz means you're going to be transmitting between 16 and 26 kHz, which is way outside the usable specs of almost all audio hardware (speakers and microphones) I've happened onto in real life. So the only choice is really going extremely low bandwidth or venture into non covert frequencies and risk detection. I say this is either easily heard, not that useful, prone to interference or low bandwidth.

Nevertheless, I'm guessing the next thing I'm going to have to do is disable/remove all of the audio hardware..

Re:So I have to disable my audio hardware now? (1)

Theaetetus (590071) | about 10 months ago | (#45517691)

You haven't been in my lab, it's pretty loud in there... Earplugs are standard and in fact are issued for free just inside the door. So, I might or might not hear a PSK conversation over the din. However, such an environment would not be very hospitable to acoustic communications in the first place. But I don't think that trying to be covert is going to do anything but lower your throughput to near useless... I say this is either easily heard, not that useful, prone to interference or low bandwidth.

And since we're talking about transferring small pieces of data, such as user names, passwords, account numbers, etc., you're talking about maybe 10-12 bytes at a time, tops. It could take a minute and you'd never hear it.

Re:So I have to disable my audio hardware now? (1)

Gim Tom (716904) | about 10 months ago | (#45519923)

You covered most of what I was going to say, except that in my younger days I could almost always hear the flyback whine from any CRT raster scan device, be it TV or monitor. I think those generally operated in about the same frequency range as this technique does, so many younger people should be able to HEAR the stealth transmissions just fine. On another note, our Ham Radio club used HSMM routers during field day this year to connect the operating positions around the large field with the logging computer and it worked far better than expected, and better than straight Wi-Fi had in previous years. 73 OM

Re:So I have to disable my audio hardware now? (1)

dpidcoe (2606549) | about 10 months ago | (#45520233)

You covered most of what I was going to say, except that in my younger days I could almost always hear the flyback whine from any CRT raster scan device, be it TV or monitor. I think those generally operated in about the same frequency range as this technique does, so many younger people should be able to HEAR the stealth transmissions just fine.

They may hear it, but will they notice it? Intermittent and faint high-pitched frequencies are common around electronics; I don't think I'd flag that sound as out of the ordinary under normal circumstances.

Re:So I have to disable my audio hardware now? (1)

fufufang (2603203) | about 10 months ago | (#45521545)

You could wear headphones, you know...

Re:So I have to disable my audio hardware now? (1)

bill_mcgonigle (4333) | about 10 months ago | (#45525791)

Thanks guys (and gals if there are any working on this) for making my life harder...

If it's nothing new, why does it make your life harder? Ah-ha!

What? (0)

Anonymous Coward | about 10 months ago | (#45516951)

No one can hear this going on?

Sound off (1)

Impy the Impiuos Imp (442658) | about 10 months ago | (#45517009)

OH. MY. GOD. Air gaps.

I thought my tinfoil hat was sufficient, but you're telling me I now have to worry about sounds going in my ears that modify my behavior!?!?!

This is really, really simple to understand (4, Insightful)

Jody Bruchon (3404363) | about 10 months ago | (#45517061)

Without the software required to use the hardware for communication, the communication doesn't work. If your air-gapped computer has not been infected prior to air-gapping, this simply can't work. I can smell conspiracy theorists a mile away with "but what about malicious BIOSes or pre-infected hardware designs or..." and the solution for all of those remains the same: if it's that big of a concern, remove it from the computer. Rip open the laptop and disconnect or desolder the speakers and microphone, and while you're in there you can heat-gun off the magnetics for the network card and all the external USB port connectors. If you're gonna do paranoid, you might as well do it right.

Re:This is really, really simple to understand (1)

mlts (1038732) | about 10 months ago | (#45517207)

I wonder if this would be a niche market for a company. Create an x86 motherboard that is epoxied tight, and the only thing coming out would be a serial port, a power port, a MicroSD card slot for the OS, and an SD card to handle data.

Maybe another version might have a USB connector for the keyboard and mouse (with the BIOS limiting the devices connected to those ports to just HIDs), and a VGA connector for the monitor.

Stick all this in a tamper-resistant aluminum case, and it might sell as a poor man's HSM for RSA keys. Copy what needs to be signed onto the SD card, sign it, copy it off.

Re:This is really, really simple to understand (0)

Anonymous Coward | about 10 months ago | (#45519431)

And yet, if you buy a new Intel chip, they'll include a cell modem for free! http://www.popularresistance.org/new-intel-based-pcs-permanently-hackable/

Re:This is really, really simple to understand (1)

Jody Bruchon (3404363) | about 10 months ago | (#45525477)

Won't do much good with no antenna. Find the trace for it and cut it.

Re:This is really, really simple to understand (1)

VortexCortex (1117377) | about 10 months ago | (#45520859)

I think I'll call it: System on a Chip. Or, just get an old beige box x86 with no USB -- Has serial ports, no sound card, etc.

Look, the problem is that provably secure operating systems and software are possible to create, but prohibitively expensive to create and maintain. Before some nutter harps on about a "halting problem": No, stop it. Computers have FINITE state. I have written drivers (and small embedded OSs) that are mathematically provably secure. Every combination of inputs (expected or otherwise) to every interface and function work exactly as they should and no unexpected code execution vulnerabilities exist. It's expensive as hell, but it actually can be done. Provable security can be done at larger scales too. The problem is that as long as we're prioritizing newer and shittier exploitable code over provably secure code we'll have these software problems.

As to the matter of rooting out Ken Thompson Microcode Hacks -- Well, there's answers to that too which are just as expensive.

TL;DR: Your shit's insecure only because you accept it to be that way.

Re:This is really, really simple to understand (1)

bill_mcgonigle (4333) | about 10 months ago | (#45525673)

As to the matter of rooting out Ken Thompson Microcode Hacks -- Well, there's answers to that too which are just as expensive.

Doing provably secure is one thing, but just having open, auditable code would be a great leap forward. We can be sure that the AMI BIOS contains bugs and reasonably sure that the NSA has copies of that source in their lab.

Then, maybe somebody can work on taking the open code and working through it one function at a time to secure it.

Re:This is really, really simple to understand (1)

bill_mcgonigle (4333) | about 10 months ago | (#45525593)

a MicroSD card slot for the OS

Why would you trust the MicroSD controller to not inject a known attack when presented with a special sequence of input that can be hidden in a filesystem structure?

Re:This is really, really simple to understand (1)

bill_mcgonigle (4333) | about 10 months ago | (#45525607)

If you're gonna do paranoid, you might as well do it right.

What's the point? We all know that Intel puts special logic in that changes the operation of the CPU given certain parameters. That's why Intel RdRand isn't directly accessible but has to be accessed through the hashing logic unit. That way They just have to sneak in a small bit of malware that will hose up your RNG and then your keys can be trivially cracked into the future.

Then we have the news [mit.edu] that GCC has been compromised for years, and all of the Linux distros need to be completely recompiled (that's gonna hurt the mirrors).

(apply Poe's Law liberally but don't miss the broader point)

Anyone remember bus radio? (2)

TheCarp (96830) | about 10 months ago | (#45517257)

Not only is it not new, I remember almost 10 years ago now, somebody had demonstrated that he could slam the bus in such a way as to generate radio signals that he could pick up on a nearby receiver.

There was even a slashdot story about it back then, but damned if I can find anything on it now. Pretty sure it was only a one way channel but, depending on the circumstances, that could be enough.

Re:Anyone remember bus radio? (1)

Anne Thwacks (531696) | about 10 months ago | (#45518947)

That was standard practice on the PDP8 in the 1970s. There were even compilers to produce music that way. There was always a radio on top of the computer so you could tell if it got in a loop (constant frequency). Some people even knew which loop by the tone! (Cue Newton-Raphson algorithm approaching solution with a recognisable whine!)

Re:Anyone remember bus radio? (0)

Anonymous Coward | about 10 months ago | (#45521245)

The TI-83+ calculator will give you beeps and buzzes that can be picked up with an AM radio placed suitably close. I think someone managed to use it to play music.

RaspberryPi FM Transmitter (0)

Anonymous Coward | about 10 months ago | (#45522733)

FM radio transmissions are possible on the R.Pi by toggling the spread-spectrum setting of a clock output pin.

http://www.icrobotics.co.uk/wiki/index.php/Turning_the_Raspberry_Pi_Into_an_FM_Transmitter

Re:Anyone remember bus radio? (1)

bill_mcgonigle (4333) | about 10 months ago | (#45525659)

Neat. That's awfully useful for the Tempest van parked down the street, but for in-house peer to peer leakage you'd need a radio receiver on the other machine.

Don't get me wrong, I can't wait to have SDRs on every device I buy, but this one is a risk worth appreciating.

Soon(tm) (1)

lapm (750202) | about 10 months ago | (#45517381)

If malware didn't use it before, it's sure going to use it soon enough after this paper.

Re:Soon(tm) (0)

Anonymous Coward | about 10 months ago | (#45522217)

If malware didn't use it before, it's sure going to use it soon enough after this paper.

Most malware isn't going to have any real need for such systems.
You can send all the acoustic network data you want, if the machines within range don't have software to support such a mechanism they simply won't pay any attention to it... it'll just be like any other noise coming into the mic. So unless your air-gapped machine is already compromised, you really don't have to worry (much) about this type of technique.
It's more of a worry for people who are concerned about a system getting infected, then transmitting data one-way to an external system, or a nearby system which isn't secured as heavily for further relay to an external listening device.

In terms of most malware, all this would do is give them an alternate communication channel which could help them avoid things like network-based intrusion detection systems. But frankly speaking it's going to be easier to hide your comms inside normal-looking network traffic than it is adding some type of network capability to the audio system.

Finally, offices (0)

Anonymous Coward | about 10 months ago | (#45517679)

Finally employers are motivated enough to offer silent office spaces for every employee. The silence of the machines is a desirable feature, even without Jodie Foster - Arnold Schwarzenegger team-up.

BadBIOS? (1)

Peter Simpson (112887) | about 10 months ago | (#45517851)

Interesting timing, considering the recent exposure (and debunking?) of BadBIOS "acoustical networking".

Re:BadBIOS? (0)

Anonymous Coward | about 10 months ago | (#45520153)

Actually the BadBIOS guy was referencing these guys. /. is just lagging behind.

"utilizing the near ultrasonic frequency range" (1)

twmcneil (942300) | about 10 months ago | (#45517949)

So, dogs will bark constantly when these devices are attempting to communicate? Bring Rover in to work with you. Problem solved.

Out With This so Fast? (0)

Anonymous Coward | about 10 months ago | (#45519083)

A few weeks ago, we all read about a new form of malware that uses acoustics, and now we have "researchers" doing writeups and building networks so soon? Hmmm. Something smells fishy here.

Finally a rational explanation (1)

deviated_prevert (1146403) | about 10 months ago | (#45519371)

Why my network crashed when I farted!

not going to be very fast (1)

johnrpenner (40054) | about 10 months ago | (#45519609)

back in the day — with TRS80 300 baud cassette loading — we thought 300 bps was pretty SSSSLLLOOOWWW..

they managed the blazing speed of 20 bps (bits per second) at 3 meters using an 18 kHz carrier frequency — and that had a faint clicking sound.

20 bps is slower than most people type — you're not going to be transmitting any high-res jpeg images this way..

good enough to capture and transmit a password though, or to do command-control type actions.

heh heh — transmitting a spy app between nodes as a payload could take weeks..

when they made it quieter so you couldn't hear the slight clicking sound — the range was http://www.jocm.us/uploadfile/2013/1125/20131125103803901.pdf
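An 18 kHz carrier like the one described in the comment above is within reach of an ordinary microphone, so a defender can look for it. The following is an added example, not code from the thread or from the paper: a Python detector that flags a narrowband carrier in the 17-22 kHz band of one captured audio frame. The sample rate, watched band, threshold and the constructed test frames are all assumptions.

```python
import math
import random
import statistics

SAMPLE_RATE = 48_000   # Hz, assumed capture rate of the monitoring microphone
FRAME = 4_800          # 100 ms frame, so Goertzel bins fall every 10 Hz
BAND = range(17_000, 22_001, 250)  # near-ultrasonic band to watch (assumption)
THRESHOLD_DB = 20.0    # peak-over-floor margin treated as a carrier (assumption)

def goertzel_power(samples, freq_hz):
    """Normalised power of a single frequency bin via the Goertzel recurrence."""
    n = len(samples)
    k = round(n * freq_hz / SAMPLE_RATE)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n)

def scan_frame(samples):
    """Return (peak_freq_hz, excess_db); the band's median power is the noise floor."""
    powers = {f: goertzel_power(samples, f) for f in BAND}
    floor = statistics.median(powers.values())
    peak_freq = max(powers, key=powers.get)
    excess_db = 10.0 * math.log10(powers[peak_freq] / floor)
    return peak_freq, excess_db

def is_suspicious(samples):
    return scan_frame(samples)[1] >= THRESHOLD_DB

def make_frame(carrier_hz=None, seed=1):
    """Constructed input: room noise plus a loud 1 kHz tone, optionally a quiet carrier."""
    rng = random.Random(seed)
    frame = []
    for i in range(FRAME):
        t = i / SAMPLE_RATE
        x = rng.gauss(0.0, 0.05) + 0.5 * math.sin(2 * math.pi * 1_000 * t)
        if carrier_hz:
            x += 0.05 * math.sin(2 * math.pi * carrier_hz * t)
        frame.append(x)
    return frame

if __name__ == "__main__":
    for label, frame in (("no carrier", make_frame()),
                         ("18 kHz carrier", make_frame(18_000))):
        freq, excess = scan_frame(frame)
        print(f"{label}: peak {freq} Hz, {excess:.1f} dB over floor, "
              f"flagged={is_suspicious(frame)}")
```

Loud audible-band content (the 1 kHz tone) does not trip the detector because only the near-ultrasonic bins are compared against each other; a real deployment would run this over successive frames and alert on sustained or repeating hits.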

Been there, done that (1)

Webmoth (75878) | about 10 months ago | (#45523631)

"Covert acoustical mesh networks"?!? Housewives invented this thousands of years ago, only back then they called it "gossip."
