Thursday, June 12, 2014

New from NetiquetteIQ! Definition of The Day - Pertinent Information for Electronic Communications - Acoustical Infection

Today I am pleased to announce a new feature of the Netiquette IQ blog! This will be definition of specific technologies or items. In order to provide optimal Netiquette in your communication, it is essential to know of certain components which contribute to the delivery of email. The blog today deals with acoustic Infection.
=============================================


Acoustical Infection

Acoustic infection is a type of malware that uses a compromised computer’s sound card and speakers to send data using a covert ultrasonic acoustical mesh network.
Researchers at the Fraunhofer Institute for Communication, Information Processing and Ergonomics investigated the possibilities of malware performing data transfer across the sound devices in air gapped computers. Air gapping is a security measure that involves removing a computer or network from any external network physically and also ensuring there is no wireless connection.
In the proof of concept exploit, the researchers were able to hijack the target computer’s sound card and speakers to transmit data to a receiver. The researchers’ most successful trial used software intended for underwater communication. An infected air gapped computer sent out the ultrasonic signal, which was picked up by the attackers’ receiving microphone up 65 feet away and demodulated by the software on the attack computer. While, contrary to rumor, the proof of concept did not actually infect via sound waves, it is theoretically possible.
The proof of concept exploit used conventional means, such as external drives, to infect the target system. Despite acoustic infection’s low bandwidth (20bits/s), the fact that it uses sound beyond the range of human hearing means that malware can stealthily send data without an Internet connection. That capacity is enough to enable sending small phrases picked out for their relevance, making the strongest password easily accessible to the attacker.
To prevent data exfiltration in sound-gapped computers, the researchers recommend that the audio devices be removed. Nevertheless, it’s still possible that a compromised computer could be outfitted with supplemental audio devices that are very difficult to detect.
This was last updated in April 2014
Contributor(s): Matthew Haughn
Posted by: Margaret Rouse from whatis.com
==================================
In addition to this blog, I have authored the premiere book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:

 www.amazon.com/author/paulbabicki


 If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio  and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and  Yahoo I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and  PSG of Mercer County New Jersey.

==========================================


Looking for feedback on a location for the company picnic? Use Saepta to post that quick question to staff and review results in real time. Interested in a quick response from a few loyal customers regarding choosing a new product name? Saepta offers privacy through a direct link to a target list, providing you real time feedback that includes comments.

Saepta combines ease-of-use with powerful voting features to provide real-time feedback and comments. Visit saepta.com to experience the public version of social network voting, and visit get.saepta.com for additional information on deploying Saepta within your organization.
 =============================================