New research from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics suggests malware once dubbed “badBIOS” allows infected machines to communicate using sound waves alone—no network connection needed.
The malware can transmit information between computers using high-frequency sound waves inaudible to the human ear. Tech duo Michael Hanspach and Michael Goetz successfully sent passwords and more between non-networked Lenovo T400 laptops via the notebooks’ built-in microphones and speakers with this malware prototype.
This shows that the so-called “air gap” defense—which refers to, leaving computers with critical information disconnected from any networks- could still be vulnerable to dedicated attackers, if attackers are first able to infect the PC with audio mesh-enabled malware.
The laptops could communicate a full 65 feet apart from each other, and the researchers say the range could be extended by chaining devices together in an audio “mesh” network, similar to the way Wi-Fi repeaters work however this security breach would have to happen first.
Whilst this type of malware is unlikely to be used in everyday hacking, and it is very slow which is a huge disadvantage, it still highlights the vulnerability of air-defense.