Support 100 years of independent journalism.

3 December 2013

Researchers prove PC viruses can spread via microphones

When the so-called "badBIOS" virus was found in October, transmitting itself by audio broadcasts at inaudible frequencies, it seemed incredible - and now we have proof-of-concept.

By Ian Steadman

Researchers have proven that it’s possible to transmit computer viruses via sound, confirming a controversial suspicion reported earlier this year that malware was mutating into strange, unexpected new forms.

Three years ago Dragos Ruiu, a computer security expert, discovered that several of his computers were infected with some kind of virus – and, even weirder, they were managing to talk to each other even when their Wi-Fi and Bluetooth connections were turned off. Disconnecting the ethernet and power cables didn’t work either. He physically removed the wireless cards from the machine and it didn’t have any effect on stopping the virus.

This was baffling. I’ll let Dan Goodin at ars technica explain why:

In the intervening three years, Ruiu said, the infections have persisted, almost like a strain of bacteria that’s able to survive extreme antibiotic therapies. Within hours or weeks of wiping an infected computer clean, the odd behavior would return. The most visible sign of contamination is a machine’s inability to boot off a CD, but other, more subtle behaviors can be observed when using tools such as Process Monitor, which is designed for troubleshooting and forensic investigations.

Another intriguing characteristic: in addition to jumping “airgaps” designed to isolate infected or sensitive machines from all other networked computers, the malware seems to have self-healing capabilities.

Sign up for The New Statesman’s newsletters Tick the boxes of the newsletters you would like to receive. A weekly newsletter helping you fit together the pieces of the global economic slowdown. Quick and essential guide to domestic and global politics from the New Statesman's politics team. The New Statesman’s global affairs newsletter, every Monday and Friday. The best of the New Statesman, delivered to your inbox every weekday morning. The New Statesman’s weekly environment email on the politics, business and culture of the climate and nature crises - in your inbox every Thursday. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A newsletter showcasing the finest writing from the ideas section and the NS archive, covering political ideas, philosophy, criticism and intellectual history - sent every Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.

“We had an air-gapped computer that just had its [firmware] BIOS reflashed, a fresh disk drive installed, and zero data on it, installed from a Windows system CD,” Ruiu said. “At one point, we were editing some of the components and our registry editor got disabled. It was like: wait a minute, how can that happen? How can the machine react and attack the software that we’re using to attack it? This is an air-gapped machine and all of a sudden the search function in the registry editor stopped working when we were using it to search for their keys.”

Content from our partners
Transport is the core of levelling up
The forgotten crisis: How businesses can boost biodiversity
Small businesses can be the backbone of our national recovery

In October, Ruiu settled upon a hypothesis – this malware would first get onto a computer on an infected USB stick, where it would burrow into the machine’s BIOS (that’s the fundamental program that runs directly off its hardware). It would then take over the computer’s microphone and speakers and communicate with other computers by high-frequency sounds that humans can’t hear.

That’s right – computers that, literally, speak to each other.

It was such an unbelievable idea that, at first, many other experts has assumed Ruiu had made some fundamental mistake. Ruiu himself made it clear that his research needed to be peer-reviewed, it was such an extraordinary idea. The possibility that such a virus – which he dubbed “badBIOS” – is out in the wild is a worrying one for those who rely on air gaps to keep their machines clean.

Researchers from the Fraunhofer Institute for Communication, Information Processing, and Ergonomics in Germany have now provided some proof-of-concept that the mechanism Ruiu describes is possible. Using a program originally developed for transmitting information acoustically underwater, they managed to get computers exchanging inaudible broadcasts over distances of up to 65 feet, according to their paper in the Journal of Communications.

Importantly, it wasn’t just two computers talking, but also a demonstration of “how the scenario of covert acoustical communication over the air medium can be extended to multi-hop communications and even to wireless mesh networks”. That mesh network, where each computer talks to several others, would explain how Ruiu was unable to completely clear his lab of infected machines – each time he would wipe a machine then turn it back one, it would be infected by at least one of the remaining machines that had yet to be wiped.

The bandwidth of this method is incredibly small, only a few bits per second, which makes this a pretty useless tool for extracting large files from target machines. It would work well as a keylogger, though, noting down usernames and passwords. These could be used to give access for more traditional viruses.

It’s a fascinating find, although it still doesn’t explain where on earth badBIOS came from – if it does exist – nor how it first infected Ruiu’s computers. But, these days it isn’t unusual for the paranoid to stick tape across their webcam to stop hackers taking surreptitious pictures. Perhaps it may be wise to begin eyeing that uncovered microphone with equal suspicion.