back to article Security boffins say music could trigger mobile malware

Security researchers have discovered that specific music, lighting, vibrations or magnetic fields could all be used as infection channels to trigger the activation of mobile malware on a massive scale. The paper, titled Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices, was presented in the …

COMMENTS

This topic is closed for new posts.
  1. Destroy All Monsters Silver badge
    Devil

    "You have no idea of my hidden infection channels....."

    Hehehehehe!

  2. This post has been deleted by its author

  3. Mike Bell
    Facepalm

    Phew! I'm safe...

    ...because my phone is 56 feet away from that tannoy, rather than 55 feet.

    It's called steganography. Nothing to see here, move along now.

    1. big_D Silver badge

      Re: Phew! I'm safe...

      Yep, the silly thing is, the malware already has to be on the device. You can't "infect" the device with music, it is just another trigger, like date and time, user input, geo data, camera, tilt sensor, C&C server etc.

      Malware has been able to access cameras and microphones on devices for years and they have used events to trigger themselves, combining the two is a logical next step.

      It doesn't even need "rigged" sound, going to a Bieber concert could provoke the device into play a Lady Gaga video etc.

      And it doesn't need to be malware, you could use it for a concert app etc.

    2. Frumious Bandersnatch Silver badge

      Re: Phew! I'm safe...

      It's called steganography. Nothing to see here, move along now.

      I haven't read the paper, but I don't think it's stego. According to the article, such inputs are used to trigger an existing infection rather than being used as a carrier for code or new information beyond the "trigger me now" signal. In this case, it's probably just another example of the use of "oblivious agents": an "agent" continuously monitors whatever sensor data it has available, produces a hash of some kind and if the hash matches a trigger condition, it activates. The "oblivious" part is that the agent doesn't "know" in advance (and examining the code won't reveal) what specific combination of inputs are needed for it to activate which function.

    3. Michael Wojcik Silver badge

      Re: Phew! I'm safe...

      It's called steganography

      This is about covert channels, not steganography. Steganography is an application of covert channels; specifically, it's creating a covert channel within an unprotected channel in an attempt to provide confidentiality. These covert channels already exist, and they can be used for non-confidential purposes. Indeed, the traditional use of a covert channel is to bypass security mechanisms, not to conceal information. Concealment is just a side effect and doesn't always apply.

      I haven't read the paper,1 but it doesn't look like there's any new theory here - just proof-of-concept work and a list of some of the channels. In that sense it's not significantly different from the research that was done at least as far back as the 1960s in looking at using covert channels like system statistics to leak information or control agents.

      1Famous last words. I should get that phrase printed on a t-shirt.

  4. NorthernCoder
    Coat

    Tin-foil brigade

    Does this mean the tin-foil brigade has to add egg trays to their protective measures?

  5. Anonymous Coward
    Boffin

    I call BS...

    "Security researchers have discovered that specific music, lighting, vibrations or magnetic fields could all be used as infection channels to trigger the activation of mobile malware on a massive scale."

    So the device has already been infected, how then is a command to that malware characterized as an "infection channel"? Is this what they teach journalists in their fancy journo schools?

    Great, my remote control aircraft doesn't really need servos or even a radio; I can just 'infect' it via the electromagnetic spectrum to do my bidding. Cool!

    1. big_D Silver badge

      Re: I call BS...

      Exactly!

    2. Allan Thomas

      RE: I call BS

      Is the program you use called skynet?

    3. Cameron Colley

      Re: I call BS...

      Exactly. This is about the control channel not the infection channel.

      The annoying thing is it is, in my opinion, still rather a cool idea (if not completely obviousness) that could have some fun, non-malicious, applications.

  6. stanimir

    Terribly slow day?

    Triggers bear little significance once a device is compromised which can't happen by just listening music (unless there is some serious bug to execute the bytes perceived as 'music').

    Morealso El Reg has committed to use metric, what's up w/ that distance in feet?

  7. Cliff

    I hope nobody got a free PhD for this

    I mean, 20-something years ago I had a crude proof of concept for this. Guess it's been a quiet news weekend with the UK bank holiday and all

    1. Anonymous Coward
      Anonymous Coward

      Re: I hope nobody got a free PhD for this

      "I mean, 20-something years ago I had a crude proof of concept for this."

      Can we see it?

      1. Michael Wojcik Silver badge

        Re: I hope nobody got a free PhD for this

        Sigh. Covert channels, with specific requirements for remediation at various certification levels, are covered in the Orange Book, which was published in 1983. That's 30 years ago, for those of you playing at home.

        Where an information system has an input channel, that channel is available to the system for input. The existence of covert channels is a tautology; what's interesting in the research on them are the practical implications, such as their availability at various privilege levels, their bandwidth, accidental information exposure (as in Kocher's timing attacks against modular multiplication), and so on.

  8. Vladimir Plouzhnikov

    White Cane 7.62?

    Going in the uncomfortably similar direction...

  9. auburnman

    Music triggering dangerous payload

    Isn't that the plot of the (absolutely abominable) Eagle Eye?

  10. Anonymous Coward 15
    Devil

    This sounds like the backmasked satanic messages thing.

    1. Destroy All Monsters Silver badge
      Black Helicopters

      Berryman Logical Image Technique (hence the usual acronym BLIT)

      SECRET * BASILISK

      Distribution UK List B[iv] only

      ... so called because its outline, when processed for non-hazardous viewing, is generally considered to resemble that of the bird. A processed (anamorphically elongated) partial image appears in Appendix 3 of this report, page A3-ii. THE STATED PAGE MUST NOT BE VIEWED THROUGH ANY FORM OF CYLINDRICAL LENS. PROLONGED VIEWING IS STRONGLY DISRECOMMENDED. PLEASE READ PAGE A3-i BEFORE PROCEEDING.

      2-6. This first example of the Berryman Logical Image Technique (hence the usual acronym BLIT) evolved from AI work at the Cambridge IV supercomputer facility, now discontinued. V.Berryman and C.M.Turner [3] hypothesized that pattern-recognition programs of sufficient complexity might be vulnerable to "Gödelian shock input" in the form of data incompatible with internal representation. Berryman went further and suggested that the existence of such a potential input was a logical necessity ...

      2-18. Details of the Berryman/Turner BLIT construction algorithms are not available at this classification level. Details of the eventual security breach at Cambridge IV are neither available nor fully known. Details of Cambridge IV casualty figures are, for the time being, reserved (sub judice).

  11. Anonymous Coward
    Anonymous Coward

    IPCRESS

    Now listen to me.

  12. Belgarion
    Facepalm

    NOW you tell me...

    ...when it's too late to get a blindfold for River!

  13. TeeCee Gold badge
    Happy

    Obvious application.

    A mod that causes the device to dump the contents of its battery across the headphone jack whenever an analysis of the sound output indicates that rap music is being played.

    Aversion therapy and a course in the electric foxtrot in one simple package.

  14. Robert Helpmann?? Silver badge
    Childcatcher

    Blipverts!

    This sort of thing has arguably already been implemented in some digital watermarking schemes. A signal which (supposedly) cannot be detected by the human ear is encoded in an audio recording, pre-installed software runs on the device which checks to see if it is a legitimate copy. If it is not, your head explodes the device refuses to play the audio.

    Big media, first in malware deployment methods.

  15. Anonymous Coward
    Anonymous Coward

    fnord

    1. Blofeld's Cat
      Happy

      How strange - a blank post.

  16. Maharg

    Starbucks.. evil...

    “When you go to an arena or Starbucks, you don’t expect the music to have a hidden message”

    In Starbucks, yes I do,

    Last time I went in I’m sure not only did they play a number of songs with drinking and ‘chillin’ being the main subjects, but also when it was more busy they changed to instrumental versions of ‘Fight the Power’ ‘The Revolution will not be Televised’ and ‘I Predict a Riot’ In fact I would not be surprised if they play edited music with subliminal messages in, such as background vocals of “buy a bigger coffee”, “You really want a pastry”, “Hey, you are not hip enough for this coffee shop, why not buy a Mac?” or “overthrow the government, Starbucks is the one true master.”

  17. nuked
    Pint

    I heard if you Shazaam the malicious audio the world explodes. A bit like googling google.

  18. mickey mouse the fith
    Black Helicopters

    How about this....

    Imagine a scenario where the Chinese insert a bit of code in a commonly used mobile chip at the point of manufacture that lies dorment until a specific audio trigger is heard (tv advert or song on radio etc). Upon hearing the trigger, unpleasentness happens to said devices, crippling a communications channel. Not beyond the realms of imposibillity and pretty damaging to a countrys mobile infrastructure if the chips are embeded far and wide. Come to think of it, a specific rf pulse would also be a good trigger.

    /tinfoil hat removed

    1. Anonymous Coward
      Anonymous Coward

      Re: How about this....

      > Imagine a scenario where the Chinese insert a bit of code in a commonly used mobile chip at the point of manufacture that lies dorment until a specific audio trigger is heard (tv advert or song on radio etc). Upon hearing the trigger, unpleasentness happens to said devices...

      Fart-triggered exploding toilet seats ?

    2. Destroy All Monsters Silver badge
      Holmes

      Re: How about this....

      Asians are always CRAZY PREPARED. This can be learned by reading Vernor Vinge's "A Deepness In the Sky" where Pham Nuwen distributes hidden eavesdropping stuff throughout a starship which helps him to get out of a Bad Situation.

  19. Adam T
    Big Brother

    Who is

    Miranda?

  20. Tree
    Mushroom

    Justin Beaver music infected my brain with a virus. Such torture! The cure is earplugs.

  21. Bog witch
    Black Helicopters

    Music controlling electronic devices?

    May I predict some 'experimental' musician introducing the words "OK Glass, take a picture" into the lyrics of their tracks? Or "OK Glass, signup for [bandname] newsletter" Perhaps "OK Glass, Install [malware/adware/spyware app]"

    Or my favourite: "OK Glass, send all my information to [insert goverment agency] then delete my account"

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019