“The concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered,” states the paper.
“The infected victim sends all recorded keystrokes to the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network till the attacker is reached, who is now able to read the current keyboard input of the infected victim from a distant place.”
The paper describes is very intriguing because it incorporates the Dragos Ruiu’s allegations, it remark the principle that is possible to infect a “disconnected system” exploiting a different channel for malware propagation.
Michael Hanspach and Michael Goetz confirmed that there is no connection between their paper and badBIOS, Hanspach said their attack is feasible today because the utilized techniques are well documented.
“If we were able to come up with this research with very few people, time and budget (and with good intentions), so would be larger groups (maybe with a different intention),” “Therefore, anyone working in a security critical context should be thinking about protection measures.” Hanspach said via email to the Threatpost.
Let’s wait for a security solution, meantime security managers of critical computing systems are advised.