Skip to main content
  1. Tech
  2. Gadgets & Tech
  3. Internet

BadBios malware prototype communicates via microphone

See also

In October, a new malware phenomenon became public. It was so strange that some responses suggested it was a hoax. A new report from two German researchers confirms it's possible for infected systems to communicate over an air gap using sound waves transmitted from a speaker to a microphone.

Computer security consultant Dragos Ruiu spent three years observing the behavior of an unknown strain of malware that he called BadBios. First, a fresh installation of OS X on his MacBook Air spontaneously updated its boot firmware. Then it survived multiple motherboard firmware rewrites, and the machine was able to delete data and undo configurations without prompting the user.

Over the next months, Ruiu noticed encrypted data packets being sent to and from an infected laptop that was nearby but had no traditional network connection. The packets continued to transmit even after removing the Bluetooth and Wi-Fi cards. The internal speaker and microphone were eventually disabled, and the packets suddenly stopped.

In the Journal of Communications report, new research from Michael Hanspach and Michael Goetz noted that “speakers and microphones are also not established as means for communication and are not widely considered in security and network policies." The two researchers were able to demonstrate how audio signals can be used to transmit data between computers without a traditional network connection. The audio mesh-enabled malware is very slow, about 20 bps, but fast enough to use keylogging software.

According to Adam Kujawa of Malwarebytes, it's far more practical to use an infected USB stick to attack air-gapped networks, which is the presumed method used by the Flame and Stuxnet, two of the world's most sinister pieces of malware to date. Infections that imitate BadBios are unlikely to infect consumer computers, but the U.S. Navy are taking the threat seriously. There are currently no methods to protect against this kind of infection, and until now, covert acoustical mesh networks in air haven't been part of the malware lexicon.

Dragos Ruiu organises the annual Pwn2Own hacking contest at CanSecWest, and is expected to reveal more research this year during the conference.

Advertisement

Don't Miss

  • Massive
    Ubisoft Massive exclusive: 'The Division', PS4 & Xbox One, Activision to Ubisoft & more
    Camera
    Games Exclusive
  • iPhone
    Get your wallet ready: The next iPhone could cost $100 more than your last one
    Video
    Tech Buzz
  • Civ
    Need to catch up on 'Sid Meier's Civilization'? Here is everything you need to know
    Camera
    Games Feature
  • Google Glass
    See how Google Glass is letting sick kids go to the zoo without leaving the hospital
    Tech News
  • Upcoming
    These are 2014's biggest PS4, Xbox One and Wii U games
    Camera
    Games Feature
  • Google
    Google has filed for a patent to develop contact lenses capable of taking photos
    Video
    Headlines

User login

Log in
Sign in with your email and password. Or reset your password.
Write for us
Interested in becoming an Examiner and sharing your experience and passion? We're always looking for quality writers. Find out more about Examiner.com and apply today!