back to article Air gapping PCs won't stop data sharing thanks to sneaky speakers

Computer speakers and headphones make passable microphones and can be used to receive data via ultrasound and send signals back, making the practice of air gapping sensitive computer systems less secure. In an academic paper published on Friday through preprint service ArXiv, researchers from Israel's Ben-Gurion University of …

Page:

  1. Paul Crawford Silver badge
    Windows

    Of course slapping a 15kHz analogue filter on all audio ports would also work.

    Grumpy old man who cant hear beyond that now =>

    1. Andrew Commons

      An appreciation of a good bass player is useful as you get older :)

    2. redpawn

      I just blow a dog whistle the whole time the computer is on.

    3. Christian Berger

      "Of course slapping a 15kHz analogue filter on all audio ports would also work."

      Actually no. You could still use lower frequencies. Thanks to spread spectrum technologies you can make that less silent than the fans. All you would hear is a very soft noise from your speakers. You couldn't even be sure if that actually came from the speakers or some fan running at low speed.

      What you can do is of course to install an amplifyer between the sound chip and your speakers/headphones so information can only travel one way and turn off your microphones when you don't need them.

      Also don't run malware and don't allow Javascript to access the sound devices.

  2. Anonymous Coward
    Anonymous Coward

    Before I even clicked the article I knew exactly where this "research" was from. Do tell? How do you get the malware on the air gapped pc in the first place? The point of air gapping a pc is that it never touches the internet, ever. I can't wait till the next exciting episode where they use the mouse laser to send morse code or detect passwords by key sounds.

    1. My other car WAS an IAV Stryker

      "Before I even clicked the article I knew exactly where this "research" was from."

      Yeah, weren't they the ones who tested offloading data optically from hard drive LED flashes?

      1. Anonymous Coward
        Anonymous Coward

        Yep and also power supply hums to steal encryption keys along with the monitor frequency hack that allowed you to extract jpegs using nothing but a camera.

        I'm not sure if I'm projecting my sarcasm properly here, it's difficult when posting anonymously.

        1. ratfox
          Meh

          Probably their next paper will be about extracting data from an air-gapped PC by training a camera at the screen while it displays information.

          1. Andrew Commons

            Re: training a camera at the screen while it displays information

            Just make the screen flicker a bit.

          2. Anonymous Coward
            Anonymous Coward

            Shhh, don't give them ideas, they are master hackers after all.

    2. Petey

      The keyboard sounds one has already been done 8 years ago - https://www.inf.ed.ac.uk/publications/thesis/online/IM100855.pdf

    3. jake Silver badge

      Be nice!

      BGU was ranked between 101st and 150th overall in computer science for four consecutive years!

      (According to The Shanghai Ranking Consultancy's 2015 Academic Ranking of World Universities in Computer Science, whatever the hell that means.)

    4. big_D Silver badge

      The other thing is, most air-gapped PCs don't have speakers attached either, at least in my experience.

      They are there to control some industrial equipment, so they don't generally need speakers (and a majority of late have also been fanless, which knocks out the 2nd attack form)...

      But, yes, the question is, how do you infect the air-gapped PC in the first place? If you have properly air-gapped it, it can't be infected...

      1. Christian Berger

        "But, yes, the question is, how do you infect the air-gapped PC in the first place? If you have properly air-gapped it, it can't be infected..."

        License key update via USB.

    5. Anonymous Coward
      Anonymous Coward

      "How do you get the malware on the air gapped pc in the first place?"

      Quite. And if they've managed that its game over anyway. Also if its a laptop you have full control of you might just as well use the built in microphone to receive data instead of fannying about with the speakers. Thats assuming for some reason the malware can't switch on the built in wifi!

      This research is interesting from a technical point of view but virtually irrelevant from a security one.

    6. Anonymous Coward
      Anonymous Coward

      It's easy to get the malware on these days.

      In the middle of the night, one PC says "Hey Cortana, download https://dodgy.site.com/malware.msi"

    7. This post has been deleted by its author

    8. Stuart Castle Silver badge

      "How do you get the malware on the air gapped pc in the first place? The point of air gapping a pc is that it never touches the internet, ever"

      The problem with that is it only takes one person to make a mistake, and the Malware is in the system. Stuxnet got into a secure Nuclear facility. From what I understand, all it took was for a Siemens engineer to open an infected document on his laptop at home, then plug the laptop into the secure network. Even just plugging a USB into an infected computer, then into an airgapped computer is entirely possible.

  3. Anonymous Noel Coward
    Trollface

    I sometimes like to say "I know you're listening." randomly just to fuck with them.

    1. Anonymous Coward
      Anonymous Coward

      You are looking for Diplomatix.

    2. Anonymous Coward
      Anonymous Coward

      I once had to wave and type "I see what you did" on the screen... only to notice I had hit the one laptop shortcut that launches the camera app.

      It was late, there may have been beer, and for 5 seconds I thought the NSA *was* watching.

      1. wyatt

        You'll be fine, you've your camera counter measure in place haven't you...?

  4. elDog

    I suppose someone will tell me next that my LED screen/light-bulb is watching me...

    The reflections off my eyeballs - where I'm looking. Or the bodies in front of the screen moving about a room - infrared included.

    While this seems silly given current consumer technology it certainly seems possible and possibly being actively developed.

    1. This post has been deleted by its author

    2. cortland

      Re: I suppose someone will tell me next that my LED screen/light-bulb is watching me...

      Some years ago, there was an article – I don't recall where – about recovering data off screens by looking at the illumination of window blinds or curtains from a distance.

      This may be easier with low resolution screens, as detection of individual pixels will be easier at the slower pixel rate.

  5. Eddy Ito

    Does anyone else have a sense of deja vu?

    1. Andrew Commons

      Deja vue all over again

      Sure did. And it was also reported on The Register.

      https://www.theregister.co.uk/2013/12/05/airgap_chatting_malware/

    2. JeffyPoooh
      Pint

      Does anyone else have a sense of deja vu?

      Yes.

      Yes.

  6. Doctor Syntax Silver badge

    You're all forgetting the purpose of this research: published papers.

  7. Stuart Halliday

    1 bit per sec? This is a joke right?

    1. Anonymous Coward
      Anonymous Coward

      80000 bits is enough for anyone though.

    2. Andrew Commons

      Fast enough...

      You can get a big cryptyo key out in less than an hour.

  8. adnim

    Theory and in practice?

    Audiophile speakers and professional studio quality microphones, just may be able to communicate in the 18khz to 24khz range. The roll off on professional kit in this range is, I guess between ±3dB and ±6dB, it's been years since I worked in a studio.

    Your average consumer microphone and PC/laptop speakers I believe would need to communicate with each other at a volume and frequency range a human... even an old one like me, could hear.

    1. Grikath

      Re: Theory and in practice?

      yup...

      Especially given the directionality of high frequency sound, and the fact that the speakers would generally not be aimed at each other...

      You'd need to put out some serious volume to get anywhere. Well into hearing range of all but the most disco-deaf.

    2. Anonymous Coward
      Anonymous Coward

      Re: Theory and in practice?

      "...in the 18khz to 24khz range."

      kHz! Das H in Hz ist ein Großbuchstabe.

      Vielen Dank.

      Mit herzlichen Grüßen

      -Heinrich

      1. Anonymous Coward
        Joke

        Re: Theory and in practice?

        khz = kilo-heinz. It measures the ratio between a mixture's liquids to solids where one heinz is approximately the same as a tin of beans.

      2. Adam 1

        Re: Theory and in practice?

        Hz needs an El Reg alternative to avoid all this confusion.

        1. the spectacularly refined chap
          Paris Hilton

          Re: Theory and in practice?

          I nominate the boing. The average rate you'd pound this at --->

        2. Jason Bloomberg Silver badge

          Re: Theory and in practice?

          Hz needs an El Reg alternative to avoid all this confusion.

          I propose the "Ouch".

          1. stephanh

            Re: Theory and in practice?

            I propose the kilometer per second per megaparsec which, as we learned the other day, is used to express the Hubble non-constant. It's about 30 zeptoherz.

      3. Smoking Man

        Re: Theory and in practice?

        He, Heinz, du Rechtschreibeblockwart,

        gratuliere, du hast was gefunden.

        Jetzt troll dich zurück ins Heise-Forum, zum Rest Deinesgleichen.

  9. a_yank_lurker

    Relevance

    The theoretical problem the 'researchers' posed is nonsense. At the distance one has to be for a decent transfer speed, one may as well being sitting at the keyboard. They also miss the point of air-gapping: the computer is isolated from the most dangerous external threats. For an air-gapped computer to be compromised one would need physical access which limits the number of people dramatically to maybe a handful. Exploits with an effective range of a few meters that can easily be blocked (play music in the room) are not worth worrying about.

    1. Andrew Commons

      Re: Relevance

      The people who build them and ship them have physical access so that's one hell of a big handful.

      1. Doctor Syntax Silver badge

        Re: Relevance

        "The people who build them and ship them have physical access so that's one hell of a big handful."

        So what do you do, compromise all of them in hope that you'll eventually find one online that shares a room with an air-gapped one you're interested in? However, just to be on the safe side, if you're installing an air-gapped machine make sure it's a different make to any others in the room.

        1. Andrew Commons

          Re: Relevance

          @Doctor

          With just in time manufacturing you could get quite specific. And if you stuffed something in the BIOS then infecting everything is no big deal. Compromise the machines you are potentially interested in at source. You just need a listening device not another machine in the same room and you can build that into the wall.

    2. Mark 85

      Re: Relevance

      Nah... not nonsense". Someone got a paper published. Someone got a degree. Someone got some funding. It's all good. Now we just need to define "good".

    3. skwdenyer

      Re: Relevance

      Just because in your mind the case does not exist, does not mean the case does not exist.

      In many industries, PCs are tools, with an expected life in decades. Medical equipment, CNC machines, whatever. Air gapping there is all about simply not connecting them to the internet / a network (BSG75 style) - we're not talking national security.

      The threat is therefore not theoretical. Infection vector is an issue, of course, but even those old machines need updating sometimes, with a (potentially infected) USB stick say.

      Fast forward a few steps and find deep learning embedded into malware - searching for the best form of comms... This research is actually useful, because it forces those who need to think about these things for their situations to think further about every part of the machine (not just the ethernet jack).

  10. Anonymous Coward
    Anonymous Coward

    r/badBIOS

    There is a Reddit site that has been up for several years since "BadBios" was first proposed.

    Some users of the site claim to have fallen victim to strange and unusual ongoing attacks.

    It is not for me to say if the commentards are victims from actual malware attacks or victims of a form of mental stress brought on by the never ending "whack-a-mole" that is computer security or adverse reaction to revelations of government surveillance. They are victims nonetheless.

    https://www.reddit.com/r/badBIOS/

  11. Anonymous Coward
    Anonymous Coward

    Alexa

    ME: "Alexa, can my air-gapped PC be compromised by a speaker?"

    Alexa: "Of course not, don't be silly."

    1. Andrew Commons

      Re: Alexa

      You forgot to add the spooky laughing.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like