The team of security researchers—who last month demonstrated how attackers could steal data from air-gapped computers protected inside a Faraday cage—are back with its new research showing how two (or more) air-gapped PCs placed in the same room can covertly exchange data via ultrasonic waves.
Air-gapped computers are believed to be the most secure setup wherein the systems remain isolated from the Internet and local networks, requiring physical access to access data via a USB flash drive or other removable media.
Dubbed MOSQUITO, the new technique, discovered by a team of researchers at Israel’s Ben Gurion University, works by reversing connected speakers (passive speakers, headphones, or earphones) into microphones by exploiting a specific audio chip feature.
Two years ago, the same team of researchers demonstrated how attackers could covertly listen to private conversations in your room just by reversing your headphones (connected to the infected computer) into a microphone, like a bug listening device, using malware.
Now, with its latest research [PDF], the team has taken their work to the next level and found a way to convert some speakers/headphones/earphones that are not originally designed to perform as microphones into a listening device—when the standard microphone is not present, muted, taped, or turned off.
Since some speakers/headphones/earphones respond well to the near-ultrasonic range (18kHz to 24kHz), researchers found that such hardware can be reversed to perform as microphones.
Moreover, when it comes to a secret communication, it’s obvious that two computers can’t exchange data via audible sounds using speakers and headphones. So, inaudible ultrasonic waves offer the best acoustic covert channel for speaker-to-speaker communication.
Video Demonstrations of MOSQUITO Attack
Ben Gurion’s Cybersecurity Research Center, directed by 38-year-old Mordechai Guri, used ultrasonic transmissions to make two air-gapped computers talk to each other despite the high degree of isolation.
The attack scenarios demonstrated by researchers in the proof-of-concept videos involve two air-gap computers in the same room, which are somehow (using removable media) infected with malware but can not exchange data between them to accomplish attacker’s mission.
The attack scenarios include speaker-to-speaker communication, speaker-to-headphones communication, and headphones-to-headphones communication.
“Our results show that the speaker-to-speaker communication can be used to covertly transmit data between two air-gapped computers positioned a maximum of nine meters away from one another,” the researchers say.
“Moreover, we show that two (microphone-less) headphones can exchange data from a distance of three meters apart.”
However, by using loudspeakers, researchers found that data can be exchanged over an air-gap computer from a distance of eight meters away with an effective bit rate of 10 to 166 bit per second.
It’s not the first time when Ben-Gurion researchers have come up with a covert technique to target air-gapped computers. Their previous research of hacking air-gap computers include:
- aIR-Jumper attack steals sensitive data from air-gapped PCs with the help of infrared-equipped CCTV cameras that are used for night vision.
- USBee can be used to steal data from air-gapped computers using radio frequency transmissions from USB connectors.
- DiskFiltration can steal data using sound signals emitted from the hard disk drive (HDD) of air-gapped computers.
- BitWhisper relies on heat exchange between two computers to stealthily siphon passwords and security keys.
- AirHopper turns a computer’s video card into an FM transmitter to capture keystrokes.
- Fansmitter technique uses noise emitted by a computer fan to transmit data.
- GSMem attack relies on cellular frequencies.