LAS VEGAS (Reuters) - A team of security researchers has demonstrated the ability to hijack standard equipment inside computers, printers and millions of other devices in order to send information out of an office through sound waves.
The attack program takes control of the physical prongs on general-purpose input/output circuits and vibrates them at a frequency of the researchers’ choosing, which can be audible or not. The vibrations can be picked up with an AM radio antenna a short distance away.
For decades, spy agencies and researchers have sought arcane ways of extracting information from keyboards and the like, successfully capturing light, heat and other emanations that allow the receivers to reconstruct content.
The new makeshift transmitting antenna, dubbed “Funtenna” by lead researcher Ang Cui of Red Balloon Security, adds another potential channel that likewise be would be hard to detect because no traffic logs would catch data leaving the premises.
Cui showed the system in action for a few reporters ahead of his talk Wednesday at the annual security conference Black Hat in Las Vegas. He said he would release “proof-of-concept” code after the talk, allowing other researchers and potentially malicious hackers to build on his work.
Hackers would need an antenna close to the targeted building to pick up the sound waves, Cui said, and they would need to find some way to get inside a targeted machine and convert the desired data to the format for transmission.
But the tool’s development over the past two years is another illustration that a broadening array of devices can be manipulated in unpredictable ways and that attackers increase their advantage over defenders as gadgets grow more complex.
Reporting by Joseph Menn; Editing by Cynthia Osterman