The team of security researchers—who last month demonstrated how attackers could steal data from air-gapped computers protected inside a Faraday cage—are back with its new research showing how two (or more) air-gapped PCs placed in the same room can covertly exchange data via ultrasonic waves.
Air-gapped computers are believed to be the most secure setup wherein the systems remain isolated from the Internet and local networks, requiring physical access to access data via a USB flash drive or other removable media.
Dubbed MOSQUITO, the new technique, discovered by a team of researchers at Israel's Ben Gurion University, works by reversing connected speakers (passive speakers, headphones, or earphones) into microphones by exploiting a specific audio chip feature. Two years ago, the same team of researchers demonstrated how attackers could covertly listen to private conversations in your room just by reversing your headphones (connected to the infected computer) into a microphone, like a bug listening device, using malware.
Now, with its latest research [PDF], the team has taken their work to the next level and found a way to convert some speakers/headphones/earphones that are not originally designed to perform as microphones into a listening device—when the standard microphone is not present, muted, taped, or turned off.
Since some speakers/headphones/earphones respond well to the near-ultrasonic range (18kHz to 24kHz), researchers found that such hardware can be reversed to perform as microphones. Moreover, when it comes to a secret communication, it's obvious that two computers can't exchange data via audible sounds using speakers and headphones. So, inaudible ultrasonic waves offer the best acoustic covert channel for speaker-to-speaker communication.
Video Demonstrations of MOSQUITO Attack
Ben Gurion's Cybersecurity Research Center, directed by 38-year-old Mordechai Guri, used ultrasonic transmissions to make two air-gapped computers talk to each other despite the high degree of isolation.
The attack scenarios demonstrated by researchers in the proof-of-concept videos involve two air-gap computers in the same room, which are somehow (using removable media) infected with malware but can not exchange data between them to accomplish attacker's mission. The attack scenarios include speaker-to-speaker communication, speaker-to-headphones communication, and headphones-to-headphones communication.
However, by using loudspeakers, researchers found that data can be exchanged over an air-gap computer from a distance of eight meters away with an effective bit rate of 10 to 166 bit per second.