Can a Computer Virus Communicate Through Your Speakers?

This post is also available in: עברית (Hebrew)

Dragos Ruiu first became suspicious when he was installing a new version of Apple’s OS X onto his MacBook. Unasked, his laptop also started to update its BIOS – which boots up the OS and choreographs use of disc drives and memory. In the three years since, Ruiu’s computers have continued to do strange things – even when unplugged and with the Wi-Fi and Bluetooth switched off. He now believes that hidden viruses on his machines are being controlled via ultrasound signals broadcast from one infected computer to another.

According to New Scientist the incredible claims made by Ruiu, a respected computer security researcher from Vancouver, Canada, have sparked a row in the world of cyber security. Some doubt this sonic “backdoor” can be genuine – no one has yet tracked down computer code that can generate the audio. Although Ruiu’s claim remains unproven, others say that audio-based malware is a very real possibility.

The row started on 15 October when Ruiu posted on his Google+ page that a high-pitched whine in his home sound system was not, as he’d suspected, being caused by electrical noise from his home wiring. Instead, his tests showed it was probably being caused by interference from ultrasonic audio being transmitted between the loudspeakers and microphones of nearby computers. He also found that the ultrasound broadcasts ceased when the receiving computer’s microphone was disabled.

“We have recorded high-frequency audio signals between our computers and have seen the computers mysteriously change their configuration even when they don’t have network connections, Wi-Fi cards or Bluetooth cards,” Ruiu told New Scientist. “And we ran them on batteries so they were not receiving anything though the power lines.”

iHLS – Israel Homeland Security

If Ruiu is right, it means that malware, which he has called “badBIOS”, has somehow been installed in one of his computer’s chips, only to lie dormant until an audio signal wakes it up. No malicious code has so far been found on Ruiu’s “infected” machines. “This is all conjecture until forensic analysis finds something,” he admits. Whether or not a virus is found this time, it raises the disturbing prospect of audio controlling malware between “air-gapped” computers – those with no electronic or wireless connections. Until now, most people thought this was an ultra-secure way to operate.

“Malware, as well as legitimate software, can use any kind of signals and inputs to activate and modify its operation, so that would certainly extend to audio inputs,” says Ralph Langner, who is based in Hamburg, Germany, and discovered how theStuxnet worm attacked Iran’s nuclear fuel enrichment facilities.

But making audio malware would be far from simple because of its “unreliable” transmissions through the air and walls, says Boldi Bencsth of the CrySys security lab in Budapest, Hungary. He says the widely varying specifications of sound cards would make it hard to ensure malicious instructions were received by all types of computer. “Maybe it could work for slowly sending a few bits per minute, but it won’t work for downloading terabytes,” he says. But that might be all it needs to send control information.