December 14, 2013. Computer scientists Michael Hanspach and Michael Goetz of the Fraunhofer Institute for Communication, Information Processing, and Ergonomics FKIE have proven that computers can create hidden networks via ultrasound. Hanspach and his colleague had successfully transmitted data from one computer to another without providing a connection via wireless LAN, network cards, or the Internet.
In an experiment that was published in the Journal of Communications in November, Hanspach and Goetz studied how computers can connect to each other in an inaudible acoustic network and exchange data. In the mesh network, the computers were not connected to a central access point or router, as would be the case in a conventional wireless LAN network. The scientists chose a near-ultrasonic frequency range. The results of the experiment: The computers communicated with each other within a range of up to 20 m using their built-in loudspeakers and microphones.
In the experiment, which involved five computers, the signals could be transmitted from one to another until one computer with a regular Internet connection took the signal “outside.” This result might also be achieved with smartphones or tablets, said Hanspach.
Would it be possible to infect computers with malware this way? Hanspach is skeptical that the malware “badBIOS” exists in the manner that was discussed in the technology news articles of the past weeks. However, what sounds like science fiction today might well be reality in five years, the scientist said. The danger from an audio botnet would be considerable. This applies to critical infrastructures, for example.
Fraunhofer FKIE said it is actively involved in information security research. “Our mission is to strengthen security by the means of early detection and prevention of potential threats. The research on acoustical mesh networks in air was aimed at demonstrating the upcoming threat of covert communication technologies,” the organization said in a statement, adding, “Fraunhofer FKIE does not develop any malware or viruses, and the presented proof-of-concept does not spread to other computing systems, but constitutes only a covert communication channel between hypothetical instantiations of a malware. The ultimate goal of the presented research project is to raise awareness for these kinds of attacks, and to deliver appropriate countermeasures to our customers.”