Malware That Communicates Via Sound Waves Inaudible To Humans

As experts suggest, the best way to prevent your computer from being infected by malwares is to keep it offline, but how reliable it can be when you have already heard about Dragos Ruiu’s BadBios

As experts suggest, the best way to prevent your computer from being infected by malwares is to keep it offline, but how reliable it can be when you have already heard about Dragos Ruiu’s BadBios – the malware that can infect air-gapped systems by means of high-frequency sound waves? Is BadBIOS real?

Scientists have invented a malware prototype that can transmit data between computers that are not networked to each other, all by means of inaudible audio signals.

The malware can surreptitiously transmit keystrokes and other sensitive information even when the infected machines have no network connection. It uses high-frequency communication method to bridge the air gap – a type of security where network is kept secured by isolating from other local networks and the Internet.

In one of the experiment at Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics – the researchers were able to transmit passwords and other small amounts of data from distance of almost 65 feet, just by using the built-in microphones and speakers of standard computers.

The distance of data transmission can be intensified to much extent by using using an acoustical mesh network made up of attacker-controlled devices that repeat the audio signals.

Michael Hanspach, one of the authors wrote in an e-mail to Arc Technica:

“In our article, we describe how the complete concept of air gaps can be considered obsolete as commonly available laptops can communicate over their internal speakers and microphones and even form a covert acoustical mesh network. Over this covert network, information can travel over multiple hops of infected nodes, connecting completely isolated computing systems and networks (e.g. the internet) to each other. We also propose some countermeasures against participation in a covert network.”

They also developed several ways to use inaudible sounds to transmit using two Lenovo T400 laptops using only their built-in microphones and speakers and found that the system of communication so-called Adaptive Communication System (ACS) to be the most effective technique.

This technique was created by the Research Department for Underwater Acoustics and Geophysics in Germany. This system was originally developed to acoustically transmit data under water. During the experiment, the ACS modem was able to transmit data between laptops as much as 19.7 meters (64.6 feet) apart.

The researchers also proposed the use of an audio intrusion detection guard – the kind of device that would forward audio input and output signals and store the guard’s internal state for further analysis.

And, about Dragos Ruiu’s claim about badBIOS infections – it’s not yet confirmed.

The finding was first published in Journal of Communications.

[Image Credit: Hanspach and Goetz via  Arc Technica]

Sparkonit brings you the latest of Science and Technology. If you want more articles like this, support me by adding on Facebook and Twitter. This is all I will ever ask. Thanks!


  1. Bummer.

    I tend to seek out unexpectedly low-tech solutions because they often fly below the radar. For example, if electronic communication interception is an issue, landlines (unless they tap you) and snail mail come to mind. Also, there are the original mechanical TTYs (formerly teletypes, then converted to be used by the deaf) which NOBODY would think to monitor, and the “communication” can only be saved/retrieved by paper.

    So, in the spirit of low-tech, would a physical switch for the mics and speakers on all future machines (and a retrofit? on current ones), or maybe even (for the more tech savvy) temporarily disabling them by software possibly be of any use? Forget the inconvenience, for the moment.

    1. Of course, disabling them would be of use. One great thing about latest technologies is that now they don’t need any sort of physical ‘existence’; what’s better than the info being transferred without involving inconvenience of turning on a switch (even if it’s only a bit inconvenient) or waiting for data to be intercepted by your system or the receiving one.

      Maybe, this technology will come with its own disadvantages, if that’s the case, we will think of ‘old is gold’ and use the old fashioned method (or existing ones) of data transfer?

What Do You Think?

%d bloggers like this: