Do you have adblock enabled?
 
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Ars Technica)   Computers are now talking about us behind our backs...and spreading viruses   (arstechnica.com ) divider line
    More: Followup, Fraunhofer Institute, hardware design, audio signal, error correction, network connections, encryption key, bit rate, keystrokes  
•       •       •

1282 clicks; posted to Geek » on 04 Dec 2013 at 8:30 AM (2 years ago)   |   Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



29 Comments     (+0 »)
 
View Voting Results: Smartest and Funniest
 
2013-12-04 08:32:13 AM  
... computers are sexually promiscuous high school girls?
 
2013-12-04 08:38:42 AM  

Marine1: ... computers are sexually promiscuous high school girls?


Well, unlike the high school girls, the computers will actually let you touch them.
 
2013-12-04 08:39:18 AM  
This story was around some time ago. Apparently all it takes to infect a machine using its microphone is to install special software on the target that taps the microphone and provides the required signal processing and TCP stack interface.

In other words, you need to install malware on the target machine in order to infect it with malware.
=Smidge=
 
2013-12-04 08:41:28 AM  

fang06554: Marine1: ... computers are sexually promiscuous high school girls?

Well, unlike the high school girls, the computers will actually let you touch them.


That's the problem. They let too many people touch them.
 
2013-12-04 09:01:36 AM  

Smidge204: This story was around some time ago. Apparently all it takes to infect a machine using its microphone is to install special software on the target that taps the microphone and provides the required signal processing and TCP stack interface.

In other words, you need to install malware on the target machine in order to infect it with malware.
=Smidge=


I was wondering about that.  Would disabling the microphone act as an anti-virus?
 
2013-12-04 09:01:45 AM  

Smidge204: This story was around some time ago. Apparently all it takes to infect a machine using its microphone is to install special software on the target that taps the microphone and provides the required signal processing and TCP stack interface.

In other words, you need to install malware on the target machine in order to infect it with malware.
=Smidge=


Way to miss the point in spectacular fashion. They're not talking about using the audio channel to infect a new host, instead it's a new way for an airgapped host that was already infected (say from a dodgy usb stick) to be able to transmit infected data across to another already infected host which does have an internet connection.

It's not uncommon for airgapped and networked desktop machines to be sat pretty close to each other in a secure office.
 
2013-12-04 09:12:33 AM  

DammitIForgotMyLogin: Smidge204: This story was around some time ago. Apparently all it takes to infect a machine using its microphone is to install special software on the target that taps the microphone and provides the required signal processing and TCP stack interface.

In other words, you need to install malware on the target machine in order to infect it with malware.
=Smidge=

Way to miss the point in spectacular fashion. They're not talking about using the audio channel to infect a new host, instead it's a new way for an airgapped host that was already infected (say from a dodgy usb stick) to be able to transmit infected data across to another already infected host which does have an internet connection.

It's not uncommon for airgapped and networked desktop machines to be sat pretty close to each other in a secure office.


Simple solution to the airgap vulnerability: vacuum!

Just run the vacuum cleaner all the time so it's too noisy for this method to work.
 
2013-12-04 09:32:32 AM  

DammitIForgotMyLogin: Way to miss the point in spectacular fashion.


No, I don't think I missed the point. I'm clarifying the point poorly made by the article and poorer still by the article's headline: that the machine needs to be infected by some other means before the "air gap" attack can be used.
=Smidge=
 
2013-12-04 10:16:36 AM  

DammitIForgotMyLogin: say from a dodgy usb stick


Which isn't terribly uncommon, what with humans being curious beasts...

Lochsteppe: Just run the vacuum cleaner all the time so it's too noisy for this method to work.


Your idea sucks.

/ba dum bum bssh
 
2013-12-04 10:54:22 AM  

Smidge204: DammitIForgotMyLogin: Way to miss the point in spectacular fashion.

No, I don't think I missed the point. I'm clarifying the point poorly made by the article and poorer still by the article's headline: that the machine needs to be infected by some other means before the "air gap" attack can be used.
=Smidge=


Yep.

But unless you never, ever use the air-gapped machine within acoustic range, or you completely disable the speaker or microphone, it's a possible vulnerability because the only real reason to "air-gap" a machine is so that you can encrypt/decrypt sensitive data without having to worry about the plaintext being compromised by a keylogger or some other undetected malware.

Of course, if you manually encrypt and decrypt, you won't have that problem, but I admit that it is a bit more tedious than letting the computer do it for you.
 
2013-12-04 11:08:52 AM  

xanadian: Lochsteppe: Just run the vacuum cleaner all the time so it's too noisy for this method to work.

Your idea sucks.

/ba dum bum bssh


Possibly in more ways than one.

First, we don't know if a vacuum cleaner produces enough noise to overcome this.  Some methods of transmitting data are very, very good at overcoming interference, and the low data rate of this one suggests that it might be noise resistant.

Also, a low data rate isn't necessarily much of a handicap:  If you leave the computers on and in the same room, as many of us are wont to do, if it takes a couple hours to transmit a megabyte of data, so what?  Write the malware to detect when the computer isn't being used, and just have it transmit the data during those times.  Unless it's being used 24/7, that's likely good enough to transmit most things.
 
2013-12-04 11:10:12 AM  
I'm not throwing my BS flag, but I'm definitely throwing my "skeptical" flag.   What is the frequency response of a computer speaker?   What is the frequency response of a typical microphone?   I'm an old man so if it's above 13KHz I guess I might not hear it.   But some of you whippersnappers are sure to say "what the hell is my laptop doing?"

I seriously have my doubts that this is realistic up above 18KHz where it probably needs to be.
 
2013-12-04 11:31:02 AM  

Smidge204: DammitIForgotMyLogin: Way to miss the point in spectacular fashion.

No, I don't think I missed the point. I'm clarifying the point poorly made by the article and poorer still by the article's headline: that the machine needs to be infected by some other means before the "air gap" attack can be used.


Yes.  It'd also need to be relatively quiet around where these machines are for it to work unless this thing is carrying around some hefty signal processing capabilities.

If this is the 'virus' I read about a month or so ago there is a lot of debate as to if the guy is actually retarded or not as at one point in his write up of it he does state that the machines were mysteriously infecting each other; he applied Occam's razor and decided they were talking over the speakers/microphone... then discovered years later he was using an infected USB drive.
 
2013-12-04 11:39:07 AM  

Smidge204: This story was around some time ago. Apparently all it takes to infect a machine using its microphone is to install special software on the target that taps the microphone and provides the required signal processing and TCP stack interface.

In other words, you need to install malware on the target machine in order to infect it with malware.
=Smidge=


So you're saying it's a hell of a good way to infect systems that are secluded from the wider internet, and makes social engineering attacks more interesting so long as you can sneak in say, an infected USB flash drive, or hell just a less secure computer that's close enough to compromise something really important.
 
2013-12-04 11:40:33 AM  
Echo
Echo
Echo
Echo

Echo
Echo
Echo
Echo

Echo
Echo
Echo
Echo

Echo
Echo
Echo
Echo
 
2013-12-04 11:44:17 AM  

simusid: I'm not throwing my BS flag, but I'm definitely throwing my "skeptical" flag.   What is the frequency response of a computer speaker?   What is the frequency response of a typical microphone?   I'm an old man so if it's above 13KHz I guess I might not hear it.   But some of you whippersnappers are sure to say "what the hell is my laptop doing?"

I seriously have my doubts that this is realistic up above 18KHz where it probably needs to be.


It doesn't have to be super-efficient, it just has to work.  If the signal is 15 or 20 db down at 20 kHz from what it would be at 10 kHz, well, so what?  That just limits your range, but we're only talking about 65 feet here.

Plus, it uses a very low data rate, just 20 bits per second, or 20 baud.  That's the equivalent of speedy hand-keyed Morse code with a straight key (~26 wpm).  I can copy that speed by ear.

As another datapoint, my first modem, purchased in the mid-1980s, was 300 baud, which is 15 times faster.

When you use a very data rate, you can have a signal level that is much, much lower and still manage to communicate effectively.  That is the theory behind weak signal ham radio modes like Olivia and JT65.
 
2013-12-04 11:45:04 AM  

dittybopper: When you use a very *LOW* data rate,


FTFM.
 
2013-12-04 11:50:30 AM  

Vaneshi: Smidge204: DammitIForgotMyLogin: Way to miss the point in spectacular fashion.

No, I don't think I missed the point. I'm clarifying the point poorly made by the article and poorer still by the article's headline: that the machine needs to be infected by some other means before the "air gap" attack can be used.

Yes.  It'd also need to be relatively quiet around where these machines are for it to work unless this thing is carrying around some hefty signal processing capabilities.

If this is the 'virus' I read about a month or so ago there is a lot of debate as to if the guy is actually retarded or not as at one point in his write up of it he does state that the machines were mysteriously infecting each other; he applied Occam's razor and decided they were talking over the speakers/microphone... then discovered years later he was using an infected USB drive.


That's as may be, but the capability is there, as this work proves.

And if some paranoid guy can give the idea to scientists who look into it and find it possible to do relatively quickly, what makes you think the NSA, GCHQ, BND, etc. haven't thought of it years ago?
 
2013-12-04 11:52:16 AM  

2wolves: Echo
Echo
Echo
Echo

Echo
Echo
Echo
Echo

Echo
Echo
Echo
Echo

Echo
Echo
Echo
Echo


Pinch hitting for Pedro Borbon, Manny Mota Mota Mota
 
2013-12-04 12:02:34 PM  

dittybopper: Plus, it uses a very low data rate, just 20 bits per second, or 20 baud.  That's the equivalent of speedy hand-keyed Morse code with a straight key (~26 wpm).


Just in case anyone challenges me on the math here, here is my reasoning.

The smallest element in Morse is a 'dit' (dot).  The longer element, the 'dah' (dash), is 3 times longer than the 'dit'.  The spaces between elements in a character is the same length as a dit, and the spacing between characters is the same length as a 'dah'.

The canonical word for measuring the speed of Morse is the word "PARIS".  The words per minute is how many times you can sent "PARIS" in one minute.

So, this is PARIS, in Morse, broken up into 'bits':

|    P        |  A    |  R      | I   |  S
1wE11^WE^U000
1234567890123456789012345678901234567890123456
0        1         2         3         4


It takes 46 'bits' to transmit PARIS.  At 20 bits per second, it would take 2.3 seconds to transmit PARIS.  Dividing 60 seconds in a minute by 2.3, we get about 26 words per minute.
 
2013-12-04 12:05:39 PM  

dittybopper: |    P        |  A    |  R      | I   |  S
1wE11^WE^U000
1234567890123456789012345678901234567890123456
0        1         2         3         4


Sometimes I really *HATE* the fark filter.

Here it is with 0's and 1's replaced with dashes and underlines:

-_---_---_-___-_---___-_---_-___-_-___-_-_-___
1234567890123456789012345678901234567890123456
0        1         2         3         4
 
2013-12-04 12:09:03 PM  

dittybopper: And if some paranoid guy can give the idea to scientists who look into it and find it possible to do relatively quickly, what makes you think the NSA, GCHQ, BND, etc. haven't thought of it years ago?


Because, in all honesty, why bother?  You're already living in a world where these organisations have, allegedly, tapped most of the big data centre's and where your average employee will divulge their work login for a chocolate bar.  It would be simpler, more effective and less prone to issues to simply send a warm body in to the building or pay off an employee to feed you the data on the off-line machine.

It also necessitates that the machines involved will have speakers and microphones on them, a lot of desktop machines don't have them attached and it's more common to find headphones being used.

I'm reasonably certain that anywhere with off-line machines those named organisations have an interest in has already been infiltrated.

Sure it's an interesting curio but not an especially new one, it does basically turn the audio subsystem of a computer in to a modem and HAM's have been lashing that up for donkey years.  Although my money is on the HAM's having higher throughput and range but that goes without saying.
 
2013-12-04 12:52:44 PM  
simusid:I seriously have my doubts that this is realistic up above 18KHz where it probably needs to be.

I just tried it using a tone-generator program on my Macbook and a spectrum analyzer on my N900 phone. At 18 kHz I can walk around the room and see a clear signal. There's still something at 19 kHz but the range is much less, and by 20 kHz I have to be holding the phone right in front of the laptop.
 
2013-12-04 01:07:48 PM  

Vaneshi: dittybopper: And if some paranoid guy can give the idea to scientists who look into it and find it possible to do relatively quickly, what makes you think the NSA, GCHQ, BND, etc. haven't thought of it years ago?

Because, in all honesty, why bother?  You're already living in a world where these organisations have, allegedly, tapped most of the big data centre's and where your average employee will divulge their work login for a chocolate bar.  It would be simpler, more effective and less prone to issues to simply send a warm body in to the building or pay off an employee to feed you the data on the off-line machine.

It also necessitates that the machines involved will have speakers and microphones on them, a lot of desktop machines don't have them attached and it's more common to find headphones being used.

I'm reasonably certain that anywhere with off-line machines those named organisations have an interest in has already been infiltrated.

Sure it's an interesting curio but not an especially new one, it does basically turn the audio subsystem of a computer in to a modem and HAM's have been lashing that up for donkey years.  Although my money is on the HAM's having higher throughput and range but that goes without saying.


Yes, we do. :-)

As for the first point you make, I can think of a few people the NSA and GCHQ might want to use this sort of capability against:  Edward Snowden and Glenn Greenwald, for starters.   They are known to air-gap the machines they encrypt and decrypt on.

Hypothetically, if the NSA could manage to plant a trojan on, say Glenn Greenwald's or Ed Snowden's "public" computers, and those computers were in the same room as their air-gapped machines, and they use a USB stick to transfer the data back and forth, the NSA could write the trojan to insert itself on to any USB stick that is connected to the infected public computer, and from there get on a non-infected computer.  It could then use the audio data transfer utility to send any private or public keys it discovers to the connected machine.

Once both machines are infected, it doesn't matter if you change USB sticks, or got to a different method of transfer altogether:  So long as the machines are in the same room, they'll have the ability to pull the public and private keys off of the air-gapped machine, and that will allow them to decrypt all the communications.
 
2013-12-04 01:54:22 PM  

Ivo Shandor: simusid:I seriously have my doubts that this is realistic up above 18KHz where it probably needs to be.

I just tried it using a tone-generator program on my Macbook and a spectrum analyzer on my N900 phone. At 18 kHz I can walk around the room and see a clear signal. There's still something at 19 kHz but the range is much less, and by 20 kHz I have to be holding the phone right in front of the laptop.


If it has a "waterfall" mode, try that.  Also, a longer integration time might help.  Weak signal modes effectively use longer integration times to increase the signal-to-noise ratio of weak signals.

For example, under optimum conditions, JT9 (a weak signal ham radio mode) can decode a signal that is 27 dB below the noise level in a 2.5 kHz bandwidth.
 
2013-12-04 02:07:25 PM  

Ivo Shandor: simusid:I seriously have my doubts that this is realistic up above 18KHz where it probably needs to be.

I just tried it using a tone-generator program on my Macbook and a spectrum analyzer on my N900 phone. At 18 kHz I can walk around the room and see a clear signal. There's still something at 19 kHz but the range is much less, and by 20 kHz I have to be holding the phone right in front of the laptop.

Well in the words of Principal Seymour Skinner, "prove me wrong children.   Prove me wrong!"   That is very interesting.   Good job :)

//not the Principal of the line

 
2013-12-04 07:30:18 PM  

dittybopper: Vaneshi: dittybopper: And if some paranoid guy can give the idea to scientists who look into it and find it possible to do relatively quickly, what makes you think the NSA, GCHQ, BND, etc. haven't thought of it years ago?

Because, in all honesty, why bother?  You're already living in a world where these organisations have, allegedly, tapped most of the big data centre's and where your average employee will divulge their work login for a chocolate bar.  It would be simpler, more effective and less prone to issues to simply send a warm body in to the building or pay off an employee to feed you the data on the off-line machine.

It also necessitates that the machines involved will have speakers and microphones on them, a lot of desktop machines don't have them attached and it's more common to find headphones being used.

I'm reasonably certain that anywhere with off-line machines those named organisations have an interest in has already been infiltrated.

Sure it's an interesting curio but not an especially new one, it does basically turn the audio subsystem of a computer in to a modem and HAM's have been lashing that up for donkey years.  Although my money is on the HAM's having higher throughput and range but that goes without saying.

Yes, we do. :-)

As for the first point you make, I can think of a few people the NSA and GCHQ might want to use this sort of capability against:  Edward Snowden and Glenn Greenwald, for starters.   They are known to air-gap the machines they encrypt and decrypt on.

Hypothetically, if the NSA could manage to plant a trojan on, say Glenn Greenwald's or Ed Snowden's "public" computers, and those computers were in the same room as their air-gapped machines, and they use a USB stick to transfer the data back and forth, the NSA could write the trojan to insert itself on to any USB stick that is connected to the infected public computer, and from there get on a non-infected computer.  It could then use the audio data transfer utility to se ...


This implies the NSA is good at their job.
 
2013-12-04 09:21:59 PM  

Smidge204: This story was around some time ago. Apparently all it takes to infect a machine using its microphone is to install special software on the target that taps the microphone and provides the required signal processing and TCP stack interface.

In other words, you need to install malware on the target machine in order to infect it with malware.
=Smidge=


This. Neat experiment, but it's inherently worse than the viruses that are already  out there as far as spreading is concerned..
 
2013-12-04 10:36:11 PM  

Rockstone: This implies the NSA is good at their job.


I used to work for them (google what a "ditty bopper" is).  Trust me, they are *GOOD* at their job.

I had the most high-tech equipment that someone in the 1980s could imagine at my disposal to monitor half-literate peasant conscripts banging on the straight key of an old tube transmitter, when all I really needed was a 1950's era R-390 and a hundred feet of wire strung up into some trees.

I can only assume that what they have today is similarly advanced.
 
Displayed 29 of 29 comments

View Voting Results: Smartest and Funniest

This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »
On Twitter






In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report