The Computer Security Threat From Ultrasonic Networks

Computer speakers can broadcast at frequencies nobody can hear. Now security experts have shown how malicious attackers can exploit this to circumvent even the best laid security measures

It’s easy to imagine that computer security experts have a good idea of the kind of attacks they are likely to experience in future. They may not know the details but they should at least know the channels that are vulnerable so that they can allocate security resources accordingly.

Not so. Today, Michael Hanspach and Michael Goetz at the Fraunhofer Institute for Communication, Information Processing and Ergonomics in Germany, reveal an entirely new way to attack computer networks and steal information without anybody knowing.

The new medium of attack is sound. And these guys have already created and tested a covert communications network that uses sound to steal information from ordinary laptops and spirit it away.

This covert communication system relies on software that uses the built-in speakers on a laptop to broadcast at ultrasonic frequencies while nearby laptops listen out for the transmissions and pass them on, a set up known as a mesh network. “The concept of a covert acoustical mesh network renders many conventional security concepts useless,” they say.

Hanspach and Goetz begin by characterising the audio performance of the Lenovo T 400 laptop with an Intel 82801I HD audio controller, a fairly standard device. Their experiments reveal that these machines can broadcast and receive audio in the low ultrasonic range around 20 kHz, a frequency beyond the normal hearing range of humans.

This method of communication allows a transmission rate of around 20 bits per second over distances of almost 20 m along an ordinary corridor in their labs. The transmissions generally have to be along lines of sight and so aren’t perfect. The transmissions can be blocked by furniture, doors and so on. Hanspach and Goetz say that even people walking around the office can block the line of sight connection and so have an adverse effect on connectivity.

That’s not necessarily a problem given the nature of their network, which resends any transmission that hasn’t been acknowledged. To do this, these guys commandeered a protocol developed for underwater acoustic communication. This handles all of the processes for setting up a network, correcting errors and linking with the physical sound equipment in the laptops themselves.

The team had to make one or two adjustments of course. For example, they increased the frequency used in underwater communication from 4200 Hz to 21 kHz.

Finally, they set up a key logging app which monitors the keystrokes on the laptop and encodes this information for acoustic transmission.

The experiment to test this covert communications system was remarkably successful. They ‘infected’ five laptops which they placed in various rooms adjoining the corridor in their lab and along the corridor itself. “The presented approach to covert acoustical mesh networks allows to transmit messages with a rate of approximately 20 bit/s up to a range of 19.7 m between two connected nodes,” they say.

The idea is that one of these laptops is the victim, three others are infected drones that receive information and pass it on and the last laptop is the attacker that receives secret communication.

“The infected victim sends all recorded keystrokes to the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network till the attacker is reached who is now able to read the current keyboard input of the infected victim from a distant place,” they say.

The attacker then sends the recorded data via email, by loading it onto a memory stick or by some other means.

Having demonstrated the effectiveness of this kind of covert communication system, Hanspach and Goetz go on to show how to protect against it. Switching off the microphone and speakers is an obvious possibility but one that is not always practical, given many users’ need to communicate via Skype and such like.

A more flexible option is to use an acoustic filter that prevents the speakers and microphone from operating at ultrasonic frequencies. “We tested a 4-pole lowpass filter and a configured cutoff frequency of 18,000 Hz in the presented experimental setup that effectively prevented inaudible communications,” they say.

Another option is to convert any ultrasonic broadcasts to audible signals that can easily be spotted.

That’s an interesting approach that reveals a significant hole in the thinking behind computer security. “Acoustical networking as a covert communication technology is a considerable threat to computer security,” say Hanspach and Goetz.

This work should allow computer security experts to plug this gap and prevent malicious attackers from ever exploiting this kind of channel. Unless, of course, the attackers are doing it already.

Ref: arxiv.org/abs/1406.1213 : On Covert Acoustical Mesh Networks in Air

Follow the Physics arXiv Blog on Twitter at @arxivblog, on Facebook and by hitting the Follow button below