Malware Jumps The Air Gap
Recent research in Germany, reported earlier this week in Ars Technica, raises a troubling prospect. The researchers have "proposed a malware prototype that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection." In other words, we now have a working prototype for malware that can exfiltrate data that jumps the
Published by The Lawfare Institute
in Cooperation With
Recent research in Germany, reported earlier this week in Ars Technica, raises a troubling prospect. The researchers have "proposed a malware prototype that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection." In other words, we now have a working prototype for malware that can exfiltrate data that jumps the air gap -- at distances up to 65 feet. Right now the transmission rate is low -- only 20 bits/second or so. But that's more than enough to remove small bits of data like, say, passwords. As the Jetson's dog Astro would say: "Ruh roh."
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.
