Do you hear what I hear?

Do you hear what I hear?

'Tis the season, as they say.  So, as I'm reading the latest computer security news, I come across a truly scary article...  apparently, you no longer have to be connected to the internet or any computer network to become infected with a computer virus! If your computer has a microphone and speakers, it's at risk!

The full story is here, but let me summarize in simpler language...

Security researchers have adapted a system used for underwater communication between computers that will allow a malicious computer to send inaudible commands through its speaker to a target computer up to 65 feet away.

The target computer (which doesn't need to be connected to the internet) receives the sounds through its microphone and becomes infected over time - kind of like death by a thousand cuts.

The amount of data that can be transferred during each "transmission" is miniscule (maybe the equivalent of two keystrokes per second).  But, since nobody can hear the transmission and is not trying to protect the computer from such an attack (after all, the computer isn't even on the internet), these transmissions can go on for hours, days, weeks, or longer without detection.  Over that period of time, a relatively large and complex program could be sent from the "bad" computer to the target computer.  Once infected, the target computer could be instructed to transmit information back to the "bad" computer - information like secret files, or login credentials.

Before you panic and place your stand-alone computer under Maxwell Smart's "cone of silence", you should understand that this type of attack only makes sense when applied against a very high value target - so you won't have to worry about someone stealing your grandma's secret recipes just yet!