杏吧原创

Can a computer virus communicate via your speakers?

A cyber-security expert says that his "air-gapped" computers have exchanged malware through ultrasound. If he's right, we'd better watch out
Look who's talking now: air gap? what air gap...
Look who鈥檚 talking now: air gap? what air gap鈥
(Image: Credit: Purestock/Alamy)

Dragos Ruiu first became suspicious when he was installing a new version of Apple鈥檚 OS X onto his MacBook. Unasked, his laptop also started to update its BIOS 鈥 which boots up the OS and choreographs use of disc drives and memory. In the three years since, Ruiu鈥檚 computers have continued to do strange things 鈥 even when unplugged and with the Wi-Fi and Bluetooth switched off. He now believes that hidden viruses on his machines are being controlled via ultrasound signals broadcast from one infected computer to another.

The incredible claims made by Ruiu, a respected computer security researcher from Vancouver, Canada, have the world of cyber security. Some doubt this sonic 鈥渂ackdoor鈥 can be genuine 鈥 no one has yet tracked down computer code that can generate the audio. Although Ruiu鈥檚 claim remains unproven, others say that audio-based malware is a very real possibility.

The row started on 15 October when Ruiu posted that a high-pitched whine in his home sound system was not, as he鈥檇 suspected, being caused by electrical noise from his home wiring. Instead, his tests showed it was probably being caused by interference from ultrasonic audio being transmitted between the loudspeakers and microphones of nearby computers. He also found that the ultrasound broadcasts ceased when the receiving computer鈥檚 microphone was disabled.

鈥淲e have recorded high-frequency audio signals between our computers and have seen the computers mysteriously change their configuration even when they don鈥檛 have network connections, Wi-Fi cards or Bluetooth cards,鈥 Ruiu told New 杏吧原创. 鈥淎nd we ran them on batteries so they were not receiving anything though the power lines.鈥

Mind the gap

If Ruiu is right, it means that malware, which he has called 鈥渂adBIOS鈥, has somehow been installed in one of his computer鈥檚 chips, only to lie dormant until an audio signal wakes it up. No malicious code has so far been found on Ruiu鈥檚 鈥渋nfected鈥 machines. 鈥淭his is all conjecture until forensic analysis finds something,鈥 he admits. Whether or not a virus is found this time, it raises the disturbing prospect of audio controlling malware between 鈥渁ir-gapped鈥 computers 鈥 those with no electronic or wireless connections. Until now, most people thought this was an ultra-secure way to operate.

鈥淢alware, as well as legitimate software, can use any kind of signals and inputs to activate and modify its operation, so that would certainly extend to audio inputs,鈥 says Ralph Langner, who is based in Hamburg, Germany, and discovered how the Stuxnet worm attacked Iran鈥檚 nuclear fuel enrichment facilities.

But making audio malware would be far from simple because of its 鈥渦nreliable鈥 transmissions through the air and walls, says Boldi Bencs谩th of the CrySys security lab in Budapest, Hungary. He says the widely varying specifications of sound cards would make it hard to ensure malicious instructions were received by all types of computer. 鈥淢aybe it could work for slowly sending a few bits per minute, but it won鈥檛 work for downloading terabytes,鈥 he says. But that might be all it needs to send control information.

Orla Cox, security operations manager with antivirus firmlab in Dublin, Ireland, agrees that audio control of malware between computers is theoretically possible. 鈥淵ou鈥檇 only use this for sophisticated attacks to get into somewhere that was highly secured. It would probably need a sophisticated, well resourced attack. It would also require a lot of skill 鈥 and most people out there are not that skilled.鈥

Stuxnet, Cox says, is thought to have jumped the secure air gap at Iran鈥檚 Natanz nuclear plant by using a mix of social engineering and Windows vulnerabilities: infected USB sticks distributed locally were picked up and used by off-duty staff 鈥 and a Windows autorun function ran Stuxnet when the sticks were later plugged into PCs inside the nuclear plant.

It would be a 鈥渂ig deal鈥, Cox says, if Ruiu is right. 鈥淚f badBIOS can jump air gaps with audio it would be the most sophisticated piece of malware we have seen. Stuxnet is the only other piece of malware that has jumped air gaps before.鈥

Topics: Computer crime