'Funtenna' uses sound waves, radio to hack internet of things

© Kacper Pempel
A new hacking technique that uses sound and radio waves can siphon data from devices even without internet access. Showcased at the Black Hat security summit in Las Vegas, the ‘Funtenna’ hack has the potential to unravel the Internet of Things.

By uploading a malicious program to a device, the hackers can vibrate the physical prongs on general-purpose input/output circuits at a frequency of their choice. The resulting vibrations can be picked up by an AM radio antenna.

The setup, dubbed “Funtenna” by its creators, was presented to the audience at the Black Hat hacking conference in Las Vegas on Wednesday by Ang Cui of the Manhattan-based Red Balloon Security.

Cui, who recently completed a PhD at Columbia University, spoke with several reporters before his presentation, providing a preview of the technique. Unlike the previous hacking techniques, “Funtenna” works by turning the infected device into a transmitter.

brief at the Black Hat site describes the Funtenna technique as “hardware agnostic” and able to operate with almost all modern computer systems and embedded devices. It is specifically intended to operate within hardware not designed to act as transmitters.

“We believe that Funtenna is an advancement of current state-of-the-art covert wireless exfiltration technologies,” involving radar guns in line of sight with physically implanted devices, the authors wrote.

In effect, Funtenna turns the much-hyped “Internet of Things” into bugs capable of transmitting data out of a network using audio waves, Cui explained to Motherboard’s Lorenzo Franceschi. By way of illustration, he made a cheap laser printer infected by the malware “sing” for the reporter.

Because the devices themselves are acting as transmitters, the technique bypasses all conventional network security. Just about the only way one could detect a transmitting device would be by physically checking it with an AM radio. If the radio static is interrupted by loud beeping, the device is secretly transmitting radio signals, Cui told CNN.

"You have network detection, firewalls... but this transmits data in a way that none of those things are monitoring," Cui said. "This fundamentally challenges how certain we can be of our network security."

Billions of devices around the world are being networked into the so-called “Internet of Things,” but experts warn the connectivity is being driven by functionality, with little concern for security implications. Hackers have already succeeded in taking control of automobiles, airplane computer systems, missile batteries and medical hardware.