Malware Jumps The Air Gap
Recent research in Germany, reported earlier this week in Ars Technica, raises a troubling prospect. The researchers have "proposed a malware prototype that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection." In other words, we now have a working prototype for malware that can exfiltrate data that jumps the
Recent research in Germany, reported earlier this week in Ars Technica, raises a troubling prospect. The researchers have "proposed a malware prototype that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection." In other words, we now have a working prototype for malware that can exfiltrate data that jumps the air gap -- at distances up to 65 feet. Right now the transmission rate is low -- only 20 bits/second or so. But that's more than enough to remove small bits of data like, say, passwords. As the Jetson's dog Astro would say: "Ruh roh."
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company. He formerly served as deputy assistant secretary for policy in the Department of Homeland Security. He is a professorial lecturer in law at George Washington University, a senior fellow in the Tech, Law & Security program at American University, and a board member of the Journal of National Security Law and Policy.
