A group of dedicated security researchers known as Red Balloon Security actively work to detect and resolve threats to your imbedded systems. Basically, they discover new ways to hack into your connected devices—all those things that you use daily within the Internet of Things—with the intention of preventing this from actually occurring. Red Balloon Security realizes the constant, yet, oftentimes overlooked threat that devices like printers and phones pose to your business. Every day they’re discovering how to access the Internet of Things and transform your devices into “little eyes and ears surrounding you.”
Their latest find has been coined “Funtenna.” In short, their Funtenna can transform your printer into a radio or, what’s more commonly referred to as a “bug.” From your printer, they can extract data using audio waves that are undetectable to the human ear.
In theory, after malware is installed, they can turn any modern device into a transmitter. This includes devices such as your washing machine, kitchen appliances and thermostat. Without being detected and without tripping any legitimate ‘security wires’, they can move from your printer or phone straight through to your workstations. From here, they can extract any amount of data they want for an extended period of time.
Ang Cui, the Chief Scientist of Red Balloon Security, says all of this is accomplished through electromagnetic radiation and a series of 1s and 0s that are subsequently translated into computer code. Cui also says Funtenna could help explain various attacks that have occurred throughout the last few years—ones that many analysts have yet to wrap their heads around. For instance, badBIOS is malware that’s designed like “a strain of bacteria.” It can infect multiple devices, for many years, for no apparent reason. Funtenna’s ability to infect devices connected to your network could potentially explain the confusion surrounding badBIOS.
While this new research is undoubtedly exciting for the world of network security, it also raises a very serious concern to companies everywhere. Are your devices safe? Are they more vulnerable to outside threats than you once thought? Are there little eyes and ears in your office taking little bits of your business for themselves?