New Malware Prototype Doesn't Need Internet Access to Run Amok
In the future, simply disconnecting your computer from the Internet may not be enough to prevent unwanted folks from snooping around on your machine. Researchers in Germany have discovered a new way to transmit information between computers infected with a proof-of-concept malware prototype that doesn’t need to be connected to the web to run amok, ArsTechnica reports.
Researchers from the Fraunhofer Institute for Communication, Information Processing, and Ergonomics (FKIE) were able to modify software, originally created to improve underwater communications, to be used as a new form of hacking. All the software needs is a computer’s microphone and speakers, which can be used to relay sensitive information like keystrokes.
From IDG News Service, via Network World:
The data was transmitted using two different acoustical modem software applications called Minimodem and Adaptive Communication System (ACS) modem, the latter delivering the best results. On the network layer, the researchers used an ad-hoc routing protocol called GUWMANET (Gossiping in Underwater Mobile Ad-hoc Networks) that was developed by FKIE for underwater communication.
The researchers built an acoustical mesh network of five laptops that relayed messages to each other using audio transmissions in order to show that an attacker can jump network air gaps to extract data from computers infected with malware that are isolated from the Internet and other untrusted networks.
In the researchers’ paper, which can be downloaded here, the authors state that this method of “acoustical networking as a covert communication technology is a considerable threat to computer security,” because this form of communication was never taken into account when computers were designed, which leaves it open to manipulation.
While ArsTechnica reports that malware developers will probably skip using this new method for the time being because of the difficulty in actually implementing it in a real-world situation, “engineers in military organizations, nuclear power plants, and other truly high-security environments should no longer assume that computers isolated from an Ethernet or Wi-Fi connection are off limits.”
According to IDG News Service, in order for the prototype malware to be unleashed, it first needs to be installed either by an insider who has access to the computers to be infected or from a contaminated USB stick.
Over at PCWorld, Brad Chacos points out an obvious flaw with this new form of wireless data transmission—it’s extremely slow. Chacos writes that the "malware topped out at a sluggish 20 bits-per-second transfer rate, but that was still fast enough to transmit keystrokes, passwords, PGP encryption keys, and other small bursts of information."
Unfortunately for those worried about security, researcher Michael Hanspach told ArsTechnica that this slow rate of data transmission is still enough to cause potential damage.
This small bandwidth might actually be enough to transfer critical information (such as keystrokes). You don't even have to think about all keystrokes. If you have a keylogger that is able to recognize authentication materials, it may only occasionally forward these detected passwords over the network, leading to a very stealthy state of the network. And you could forward any small-sized information such as private encryption keys or maybe malicious commands to an infected piece of construction.