I recently linked to an article on the BadBIOS malware that a researcher claimed infected computers that weren’t connected to a network. There has been a lot of discussion since whether or not such malware is even possible. Now some computer researchers have developed proof-of-concept malware that covertly jumps air gaps using inaudible sound. The malware requires computers to have both a microphone and speakers and can even create ad-hoc mesh networks. Whether or not something like this is in use by BadBIOS remains an open question but it shows that for true security it’s not enough to just disconnect from a network.