KentuckyFC writes: It’s easy to imagine that computer security experts have a good idea of the kind of attacks they are likely to experience in future. They may not know the details but they should at least know the channels that are vulnerable so that they can allocate security resources accordingly. Perhaps not! Security researchers in Germany have demonstrated an entirely new way to attack computer networks and steal information without anybody knowing. The new medium of attack is ultrasonic sound. It relies on software that uses the built-in speakers on a laptop to broadcast at ultrasonic frequencies while nearby laptops listen out for the transmissions and pass them on, a set up known as a mesh network. The team has tested this kind of attack on a set of Lenovo T400 laptops infected with key-logging software. They say it is possible to transmit ultrasonic signals covertly at data rates of 20 bits per second at distances of up to 20 metres in an office environment. Interestingly, the team created the covert system by adapting a protocol designed for underwater acoustic communication. They've also tested various strategies for defeating this kind of attack. An obvious option is to disable all speakers and microphones but this also prevents ordinary activities such as VOIP communication. Instead, they suggest filtering the audio signals to prevent ultrasonic transmissions or converting them into an audible frequency.
"No, no, I don't mind being called the smartest man in the world. I just wish
it wasn't this one."
-- Adrian Veidt/Ozymandias, WATCHMEN