Preventing your network of computers from cyber attack (malware), the first logical step is isolating the affected computer from the network. Such technique is known as "air-gapping."
But as a deathblow to the time tested method of unplugging the affected computer to save the rest of the computers in the network, we now have a new malware to worry about. It is where air-gapping does not help prevent the spread of malware within the network. This is achieved with the help of "hidden acoustic waves."
How Does This New Malware Work?
According to a recent study conducted by scientists Michael Hanspach and Michael Goetz, this type of malware can escape air-gap by interpreting malicious computer code into sound waves, which is then transmitted by using a computer's peripheral device to attack the nearby computers. Speakers, sound cards and microphones are mostly overlooked entities in security planning. Using frequencies outside the range of human hearing, such messages can escape detection.
How Was This Malware Discovered?
In a proof-of-concept from Germany's Fraunhofer Institute for Communication, Information Processing and Ergonomics, researchers could use the built-in speakers and microphones of computers to transmit passwords and other data at a rate of 20 bits per second over a distance of almost 20 meters, allowing the malware to leak data to the outside world.
Should You Be Worried?
According to Telegraph, the networks relying on acoustical communication are very rarely used because of the much higher bit rates and ranges offered by radio transmission. Citing infrastructure problems, this particular malware may not take off in a full-fledged Avatar until sometime. So there is nothing much to worry about at this.
What Are the Countermeasures To Prevent Attacks?
When a computer is affected by a malware, apart from disconnecting the system from the network, the audio input and output devices should be switched off or unplugged. The scientists claimed this is the only way to prevent such attacks.
Will This Malware Have Any Implication On Google's SlickLogin Acquisition?
Google acquired Israeli security startup firm, SlickLogin. The idea is to let the user login easily and hassle-free enabling the authentication to be effective.
SlickLogin uses smartphones and high-frequency sounds for identity verification at Web sites. It doesn't just offer two-factor authentication. The sound waves can also transmit user account information. This means you could log in to a Web site by doing nothing other than holding your phone next to a computer. The sound wave takes care of all the data transfers.
Should Google be worried about SlickLogin's core ideology?