Future malware attacks could be triggered by music or even lighting - allowing cybercriminals to command and control large numbers of infected devices in the same area, according to researchers at the University of Alabama at Birmingham.
A team of researchers was able to trigger pre-installed malware from a distance of 55 feet using music as a signal. They were also able to use light from monitor screens and overhead bulbs, as well as vibrations from a subwoofer in separate tests. Signals could be sent using “low-end PC speakers with minimal amplification and low volume”, the researchers said.
The researchers were also able to trigger malware using magnetic fields - this had a shorter range, but is less detectable to the user.
“When you go to an arena or Starbucks, you don’t expect the music to have a hidden message, so this is a big paradigm shift because the public sees only emails and the Internet as vulnerable to malware attacks,” said Ragib Hasan, PhD, assistant professor of computer and information sciences at UAB.
“We devote a lot of our efforts towards securing traditional communication channels. But when bad guys use such hidden and unexpected methods to communicate, it is difficult if not impossible to detect that.”
“We showed that these sensory channels can be used to send short messages that may eventually be used to trigger a mass-signal attack,” said Nitesh Saxena, PhD, of UAB. “While traditional networking communication used to send such triggers can be detected relatively easily, there does not seem to be a good way to detect such covert channels currently.”
The researchers presented a paper titled “Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices,” this year at the 8th Association for Computing Machinery Symposium on Information, Computer and Communications Security in Hangzhou, China.
