Researchers: Hacked Computers Can Send Data in Sound Waves
According to a report in Reuters, U.S. security professionals and researchers have devised and demonstrated a hack which proves that standard equipment inside computers, printers and millions of other devices can be hijacked to transmit data via sound waves.
While spy agencies and pioneers in cryptography have looked into irreverent and arcane ways for clandestine activity for decades, the researchers of today, led by Ang Cui at Red Balloon security, demonstrated the hijack to a group of assembled reporters at the annual Black Hat security conference in Las Vegas.
How it Works
Cui confirmed that he would release the “proof-of-concept” code after the conference, ensuring that other researchers and hackers (white-hat and/or malicious attackers) get to test and build on his team’s work.
Here’s how the hijack works:
- The exploit overtakes control of the actual physical prongs on general input/output circuits within the computer.
- After establishing control, the circuits are vibrated at a frequency chosen by the researchers. This leaves vibrations to be audible or inaudible, depending on the frequency.
- These vibrations can then be picked up with a simple AM radio antenna that’s within a short radius of the device.
Dubbed “Funtenna” by Cui, the makeshift transmitting antenna has the means to act as an additional channel that would be hard to detect. This is fundamentally due to the lack of traffic logs or any record of data being transmitted.
Quite simply, hackers would simply require an antenna situated within the vicinity of the machine to pick up on the sound waves. They’d also need to find a way to dismantle the targeted machine and convert the required data to the format suitable for transmission, Cui added.
Cui and his team of researchers have worked on the “Funtenna” for the past two years, proving that modern devices can be manipulated and hijacked in ways that are unheard of. With devices and gadgets becoming more and more complex, attackers will inevitably find more ways to increase their advantage in the battle for cybersecurity.
Images from Shutterstock