Just when you thought malware couldn’t get any scarier, think again. The next generation of malware is becoming orders of magnitudes more sophisticated. The new battleground isn’t in the corporate perimeter, data center or CDN edge, it’s in the audio signals, generated by devices. In a security research project, two German computer scientists, Michael Hanspach and Michael Goetz, stimulated an air attack through device speakers and microphones, and captured sensitive password data via keyloggers.
Next Generation Malware
This type of attack is known as “air-gap” malware. Air-gap is the distance between the corporate computer and the outside world. In the study, the researchers used covert channels, which are communication channels that circumvents traditional communication lines, and exploit communication channels that were never intended to communicate. So instead of exploiting the LAN, WAN, and Wireless systems, the researchers used audio waves generated by the speakers and microphones. The worse part of it, the device doesn’t have to be online for the attack to take place.
Although the project was a pilot, in the very early stages of development, it’s only a matter of time before computer scientist employed by cyber criminals, create the next air born malware, using audio signals. If the cyber criminals are intelligent enough to create polymorphic malware, that changes its identity to hide from signature based antivirus programs, their intelligent enough to create air-gap malware.