Malware in the Music

Sue Marquette Poremba

As if there weren’t enough security threats that hover over smartphones and tablets, researchers at the University of Alabama at Birmingham have found that mobile malware attacks can be triggered by music.

As a serious music lover, you can bet this caught my attention. ESET’s WeLiveSecurity blog explained it this way:

A team of researchers was able to trigger pre-installed malware from a distance of 55 feet using music as a signal. They were also able to use light from monitor screens and overhead bulbs, as well as vibrations from a subwoofer in separate tests. Signals could be sent using “low-end PC speakers with minimal amplification and low volume,” the researchers said.

The researchers said that using sensors like music changes how we understand malware. Before, it was spread by written communication – an email, a download – something that we could see and read. And react to. If we saw a phishing email with a link or attachment with malware, we knew to ignore it and to make sure our AV software was working. As one of the researchers, Ragib Hasan, stated in a release:

We devote a lot of our efforts towards securing traditional communication channels. But when bad guys use such hidden and unexpected methods to communicate, it is difficult if not impossible to detect that.

One positive note – this malware technology doesn’t seem to be a problem. Yet. As Shams Zawoad, a doctoral student and graduate assistant on the research team, pointed out, this type of attack is very sophisticated and is very difficult to execute. But the bad guys seem to catch on quickly, so you know it is just a matter of time.

So no, this isn’t something that enterprise will have to start building into their BYOD policy today or tomorrow. I can’t even imagine how difficult that would be to add – avoid places playing canned music or using artificial light? (Coffee shops would suddenly become silent and the fight to sit next to windows will be more brutal than the fight over tables next to power outlets.) However, it is something that security decision makers will have to keep an eye on to understand how the security will work against these sensors.

Add Comment      Leave a comment on this blog post
May 31, 2013 9:05 AM David David  says:
Hi Sue, Thank you for the informative security article. Now that is scary! The fact that people can trigger malware using music opens us to a new method of hacking our devices. Now just think what they could do with subsonic or hypersonic frequencies that we can’t detect! David Reply
Jun 7, 2013 7:37 AM Ryan Ryan  says:
Pandora could become an attack vector, and not just for dropping you music from channels you prefer to keep to yourself, on the channel you play at work! Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.