Researchers have shown how to send information through sound waves from IT equipment.
Toronto Sun reported on the work by Red Balloon Security, which demonstrated “the ability to hijack standard equipment” inside PCs, printers and “millions of other devices in order to send information out of an office through sound waves”. The programme “takes control” of physical prongs in “general-purpose input/output circuits”, vibrating them at a frequency “of the researchers’ choosing, which can be audible or not”.
This allows for an AM radio antenna “a short distance away” to pick up the vibrations and the ‘Funtenna’ “adds another potential channel” of “extracting information” from technology that “would be hard to detect because no traffic logs would catch data leaving the premises”. Lead Researcher Ang Cui demonstrated the system ahead of a talk at the Black Hat security conference in Las Vegas, with “proof-of-concept” code to be released as well.
Cui showed the hack to reporters and said he would release the code, which would allow “other researchers and potentially malicious hackers to build on his work”, though hackers would need an antenna “close to the targeted building to pick up the sound waves”. In turn, they would also “need to find some way to get inside a targeted machine and convert the desired data to the format for transmission”.
The news outlet points out that the development of the tool “is another illustration that a broadening array of devise can be manipulated in unpredictable ways”, as well as another area in which “attackers [can] increase their advantage over defenders as gadgets grow more complex”. You can view a video of the technology in operation below.
[vimeo]https://vimeo.com/135270882[/vimeo]