coderman wrote:
* some have confused the audio malware channel with audio as infection vector - this is not the case.
~Griffin replies:
If you whistle into the bluetooth sensor *just* right, you might be able to pull it off. Just remember you have to use one of those special whistles that come in boxes of BooBerry.
ok- myself the fool must speak again... imagine you have a secure facility, locked down, faraday caged, etc, and a freaking marching band starts playing outside the walls... what if this sound passed through the electromagnetic barrier that captures EM signals, and activates or accesses hidden hardware, computers within a computer, say a quantum network wakes up and starts to parse data in an unobservable way. that is, enough computing power to analyze and attain targeted data. and that in turn this data is relayed outwards via vibrations - resonating sequences, that exfiltrate data across enough sound bandwidth to dump everything in a short period of time. perhaps not Captain Crunch in an audio port, yet what of hidden audio channels or dual-use components that can function as a microphone or exist unseen, unobservable within the given software/hardware perspective of what can be and is monitored. whose to say or how to know that a particular MP3 playing nearby a computer is not capable of infecting it via a stream of hidden encoded data that could activate a switch or arm a hostile process. what if the security system monitoring things is somehow able to communicate across airgaps, or -- fuckit: ZOMBIES unconsciously programmed to make errors or mistakes that lead to security exploits, say bringing in the mp3 into proximity to the otherwise secure computer, something believed innocuous potentially, yet such an action cascading into an exploit beyond USB payloads. what components besides a speaker can also function as microphones (listening for signals), LEDs, perhaps FET or other devices as a signal surge or particular sequence could (if not like buffer overflow) function beyond known parameters. what if a resonating cavity exists inside the CPU like ethernet wake-on-LAN and knowing that whistle wakes up an alternative network and hidden functioning. that piccolo player outside the window could be a hacker yet outside the threat model. hypothetical and conspiracy, though what about non-electromagnetic dynamics also...