Even air gaps are not secure
Even if air gaps were workable in today’s industrial control environment, that could end up being a moot point as there is a malware prototype that uses inaudible audio signals to communicate and covertly transmit sensitive data even when infected machines have no network connection.
Using nothing more than the built-in microphones and speakers of standard computers, researchers were able to transmit passwords and other small amounts of data from distances of almost 65 feet. The software can transfer data at much greater distances by employing an acoustical mesh network made up of attacker-controlled devices that repeat the audio signals.
“The concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered,” said Michael Hanspach and Michael Goetz from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics and the authors of a paper on the subject. “We constructed a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. The underlying network stack is based on a communication system that was originally designed for robust underwater communication. We adapt the communication system to implement covert and stealthy communications by utilizing the near ultrasonic frequency range.”
The researchers developed several ways to use inaudible sounds to transmit data between two Lenovo T400 laptops using only their built-in microphones and speakers. The most effective technique relied on software originally developed to acoustically transmit data under water. Created by the Research Department for Underwater Acoustics and Geophysics in Germany, this adaptive communication system (ACS) modem was able to transmit data between laptops as much as 19.7 meters (64.6 feet) apart. By chaining additional devices that pick up the signal and repeat it to other nearby devices, the mesh network can overcome much greater distances.
The ACS modem provided better reliability than other techniques that were also able to use only the laptops’ speakers and microphones to communicate. There was one issue with the technique, and that was a transmission rate of about 20 bits per second, a tidbit of standard network connections. That level of bandwidth does allow for the transmission of video or any other kinds of data with large file sizes. The researchers said attackers could overcome that shortcoming by equipping the Trojan with functions that transmit only certain types of data, such as login credentials captured from a keylogger or a memory dumper.
The smaller level of bandwidth could transfer data such as keystrokes, and that is all a hacker could need to set up an attack. It is one thing to point out the attack, but it is another to also establish how to stop the assault. One defensive measure should be to switch off audio input and output devices. A second approach, according to the paper, is to employ audio filtering that blocks high-frequency ranges.