Computers Hacked Using High-Frequency Sound

Computers Can Be Hacked Using High-Frequency Sound:

Computers Can Be Hacked Using High-Frequency Sound

Computers Can Be Hacked Using High-Frequency Sound

 

 

Using the microphones and speakers that come standard in many of today’s laptop computers and mobile devices, hackers can secretly transmit and receive data using high-frequency audio signals that are mostly inaudible to human ears, a new study shows.

Michael Hanspach and Michael Goetz, researchers at Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics, recently performed a proof-of-concept experiment that showed that “covert acoustical networking,” a technique which had been hypothesized but considered improbable by most experts, is indeed possible.

“If you have a high demand for information security and assurance, you would need to prepare countermeasures,” Hanspach wrote in an email to Inside Science.

In particular, it means “air-gapped” computers — that is, computers that are not connected to the Internet — are vulnerable to malicious software designed to steal or corrupt data.

“This is indeed a newsworthy development,” said retired Navy Capt. Mark Hagerott, a cybersecurity professor at the U.S. Naval Academy in Annapolis, Md.

“These arms races between defensive and offensive advanced technologies have been going on for [a long time], but now, with the low cost of writing code, it may get progressively more challenging to defend against,” said Hagerott, who was not involved in the study.

Secret transmissions

In their experiments, Hanspach and Goetz were able to transmit small packets of data between two air-gapped Lenovo business laptops separated by distances of up to about 65 feet (20 meters). Moreover, by chaining additional devices that picked up the audio signal and repeated it to other nearby devices, the researchers were able to create a “mesh network” that relayed the data across much greater distances. Importantly, the researchers were able to emit and record the ultrasonic and near-ultrasonic frequencies, which cannot be detected by humans, using the sound processor, speakers and microphone that came standard with the laptops.

The researchers experimented with a variety of software, but the best one was a program originally developed to transmit data acoustically under water. Created by the Research Department for Underwater Acoustics and Geophysics in Germany, the so-called adaptive communication system modem proved more reliable than the other techniques, but it had one significant drawback: it could only transmit data at a paltry rate of about 20 bits per second — a tiny fraction of today’s standard network connections.

While not practical for transmitting video or other large files, this low transmission rate is still sufficient for sending and receiving keystrokes and other sensitive data such as private encryption keys or login credentials.

“If you have small-sized files of high value, you do not want to take the risk,” Hanspach suggests.

Historical parallels

The low transmission rate would also suffice to send an electronic signal to a malware program that had been inadvertently installed — through a tainted USB stick, for example — onto an air-gapped computer and trigger an electronic attack, said Hagerott.

Moreover, Hagerott said, if history is any guide, it will only be a matter of time before someone refines the technique and increases its maximum transmission rate.

“Once you demonstrate that you can do something like this, other people will keep enhancing it,” Hagerott said.

Hagerott also saw parallels between the current cyber arms race and the contest between real-world arms races of past eras. For example, experts once declared that there was no way a plane could sink a battle ship.

“They said, the planes weren’t big enough, but then they got bigger and began carrying bigger bombs. But sadly, the experts didn’t fully absorb this lesson until two British battleships in 1941 were sent to the bottom,” Hagerott said.

Countermeasures

Military history also suggests that countermeasures will eventually be developed against the new security threat that Hanspach and Goetz demonstrated. In their paper, the researchers themselves suggest several that might work. For example, one could simply switch off the audio input and output of devices, or use audio-filtering techniques to block high-frequency audio signals.

Devices running the Linux could implement the latter technique using tools that have already been developed for the operating system, the researchers write. They also propose the use of an “audio intrusion detection guard,” a device that Hanspach and Goetz said would “forward audio input and output signals to their destination and simultaneously store them inside the guard’s internal state, where they are subject to further analyses.”

Oftentimes, though, the weakest links in cyber security systems are not hardware or software, but the humans who interact with them. For example, the Stuxnet virus that spread to air-gapped machines in the Iranian Natanz nuclear facilities and the Conficker digital worm that turned millions of PCs into a giant botnet in the city of Manchester, England, are believed to have been spread when employees used infected USB sticks.

 

Hacking Brain For Under $300

Your Brain Can Now Be Hacked For Under $300:

Your Brain Can Now Be Hacked For Under $300

Your Brain Can Now Be Hacked For Under $300

Cyberpunk and sci-fi films like the Matrix and Brainstorm play around with the idea of gaining access to the human mind. It’s easy to hack a computer, but most people always thought that hacking the human brain was impossible. As it turns out, it’s entirely possible and really cheap to boot. Researchers at Usenix Security Conference have proven that it’s now possible to hack the human brain. What’s terrifying is that it doesn’t require any kind of expensive hardware or technical knowhow. In fact, you could hack somebody’s brain right now for a little under $300. The researchers used a brain computer interface which are commonly used in research that scans brain patterns. The technology has been in use for many years now, but only recently did it come down drastically in price. The current models allow users to control their computers with their thoughts, but the researchers have proven that it goes both ways. The team built a piece of custom software that can essentially read your mind. They were able to effectively use the software combined with the brain scanner to extract sensitive data including, but not limited to, credit card PINs, address, month of birth and more. Thankfully, they were only able to achieve a success rate of 10 to 40 percent. It’s pretty bad when they were successful though. They were able to easily work out private information that only you should know. Of course, you can easily guard against it by not thinking about it. The only problem is that we subconsciously think about a lot of things, including private matters. It’s quite different from what we see in sci-fi films, but the era of brain hacking may soon be upon us. The police and other authorities may be able to get confessions out of people far more easily if it goes into wide spread use. The researchers also warn that hackers could make brain controlled games that make it easier for them to extract sensitive data while you’re busy having fun.