One of the go-to strategies for securing a computer network when a machine is infected with malware is to remove that machine from the network. This effectively prevents the malware from spreading to other devices.
The technique is called “air-gapping” – network admins are building a “roadblock” quite literally made out of air to stop malicious computer code from propagating throughout a network. With no cables connecting the affected machine to the rest of the network, malware has no “road” by which to travel.
But air-gap malware has no need for a road. It travels through the air as sound waves to infect machines that it is physically near, no matter what network they may be a part of.
What is it and how does it work?
Air-gap malware is that which is able to jump the air-gap by “translating” malicious computer code into high-frequency sound, then transmitting that sound to infect nearby computers.
Engin Kirda, professor at Northeastern University and a co-founder of Lastline, a company specializing in advanced malware, said, “Recently, researchers have started to show proof-of-concept implementations of how malware could leak data from an air-gapped machine using peripheral devices such as microphones and sound cards.”
That’s right: sound as virus. Computer data can’t travel over the air in its raw form, but your computer’s sound card is more than enough to “broadcast” the malware as inaudible sound that interacts with other machines. It doesn’t care what network a computer is on.
Kirda said that one can “think of it as a technique that is similar to how modems work and how machines communicate over phone lines.”
The diagram below comes from a paper about air-gap malware by Michael Hanspach and Michael Goetz. Even if you remove a computer from a network, air-gap malware plays on the computers’ shared physical environment to spread itself.
Where did it come from? There’s not a good answer to this question, but the idea that sound can leak or reveal information from a machine is not a new one. It doesn’t even have to be a modern computer. Research has shown that the sounds of a dot matrix printer can be used to reverse-engineer the content being printed.
Teaching computer malware to play on this technique, however, is new.
How worried should you be about air-gap malware?
For being such an effective method of crippling computers, air-gap malware thankfully doesn’t pose much of a threat to casual computer users. Kirda said: “This is all not trivial…The attacker would probably have to be very sophisticated to be able to pull of something like this.”
There’s not really a way to proactively protect yourself from air-gap malware, but that’s okay for now. The techniques that go into employing air-gap malware are complex and can only be orchestrated by a very skilled hacker.
Put another way, this isn’t the type of malware you accidentally get from installing bum software. It’s the kind you get when someone is coming for your network specifically.