Definition

acoustical infection

Part of the Spyware glossary:

Acoustic infection is a type of malware that uses a compromised computer’s sound card and speakers to send data using a covert ultrasonic acoustical mesh network.

Researchers at the Fraunhofer Institute for Communication, Information Processing and Ergonomics investigated the possibilities of malware performing data transfer across the sound devices in air gapped computers. Air gapping is a security measure that involves removing a computer or network from any external network physically and also ensuring there is no wireless connection.

In the proof of concept exploit, the researchers were able to hijack the target computer’s sound card and speakers to transmit data to a receiver. The researchers’ most successful trial used software intended for underwater communication. An infected air gapped computer sent out the ultrasonic signal, which was picked up by the attackers’ receiving microphone up 65 feet away and demodulated by the software on the attack computer. While, contrary to rumor, the proof of concept did not actually infect via sound waves, it is theoretically possible.

The proof of concept exploit used conventional means, such as external drives, to infect the target system. Despite acoustic infection’s low bandwidth (20bits/s), the fact that it uses sound beyond the range of human hearing means that malware can stealthily send data without an Internet connection. That capacity is enough to enable sending small phrases picked out for their relevance, making the strongest password easily accessible to the attacker.

To prevent data exfiltration in sound-gapped computers, the researchers recommend that the audio devices be removed. Nevertheless, it’s still possible that a compromised computer could be outfitted with supplemental audio devices that are very difficult to detect.

This was last updated in April 2014
Contributor(s): Matthew Haughn
Posted by: Margaret Rouse

Related Terms

Definitions

  • pre-installed malware

    - Pre-installed malware is malicious software that is put on a machine before it is delivered to the user. New devices are usually assumed to be uncompromised but there are numerous reports of malwar... (WhatIs.com)

  • digital footprint

    - A digital footprint, sometimes called a digital dossier, is the body of data that exists as a result of actions and communications online that can in some way be traced back to an individual. A dig... (WhatIs.com)

  • wiretapping

    - Wiretapping is the surreptitious electronic monitoring of telephone, telegraph, cellular, fax or Internet-based communications. Wiretapping is achieved either through the placement of a monitoring ... (WhatIs.com)

Glossaries

  • Spyware

    - Terms related to spyware, including definitions about malware and words and phrases about online advertising, adware and online privacy.

  • Internet applications

    - This WhatIs.com glossary contains terms related to Internet applications, including definitions about Software as a Service (SaaS) delivery models and words and phrases about web sites, e-commerce ...

Ask a Question About acoustical infectionPowered by ITKnowledgeExchange.com

Get answers from your peers on your most technical challenges

Tech TalkComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.