Researchers Build Covert Acoustical Mesh Networks In Air
An anonymous reader writes "Researchers at Fraunhofer FKIE, Germany, have presented a paper on covert acoustical communications between laptop computers. In their paper 'On Covert Acoustical Mesh Networks in Air', they describe how acoustical communication can be used to secretly bridge air gaps between computers and connect computers and networks that are thought to be completely isolated from each other. By using ad-hoc routing protocols, they are able to build up a complete mesh network of infected computers that leaks data over multiple hops. A multi-hop acoustical keylogger is also presented where keystrokes are forwarded to an attacker over multiple hops between different office rooms. The fundamental part of the communication system is a piece of software that was originally developed for acoustic underwater communications. The researchers also provide different countermeasures against malicious participation in a covert acoustical network. The limitations of air gaps have been discussed recently in the context of a highly advanced malware, although reports on this so-called badBIOS malware could not yet be confirmed."
Re:Lock down I/O (Score:5, Insightful)
You mean downgrade? What about the old desktop box with no mic, an easily detachable and crappy speaker for beep, no wireless stuff integrated into the CPU as an anti-theft device, no official wireless modem, and always-on fans at a fixed speed (to stop in his tracks the resourceful black hat that one day will try malicious communication over fan freq.)?
This is really, really simple to understand (Score:5, Insightful)
Re:Air Gaps are Evil (Score:5, Insightful)
The perfect is the enemy of the good.
Air gaps may not be perfect. If one gets physical access, then things are hosed. However, it does do a good job at removing an entire type of attack, i.e. from remote. An attacker would have to have a "boots on the ground" presence in order to get software on the machine to use audio as a media layer with another machine to decode it.
Yes, it can be a threat, but it doesn't completely negate the benefits of air-gapping, and it is still prudent to keep the key signing boxes well off any network.
As always, if someone has access, no matter how sophisticated the defense, it likely can be bypassed somehow.