MOSQUITO is new technique devised by a team of researchers at Israel’s Ben Gurion University, led by the expert Mordechai Guri, to exfiltrate data from an air-gapped network.
The technique leverage connected speakers (passive speakers, headphones, or earphones) to acquire the sound from surrounding environment by exploiting a specific audio chip feature.
Once again, amazingly, the team demonstrated that separating the computer networks from the Internet is not enough to protect them from attackers. In the past, the same group of researchers demonstrated that it possible to listen to private conversations by reversing headphones connected to a previously infected computer.
The MOSQUITO technique establishes a covert ultrasonic transmission between two air-gapped computers using speaker-to-speaker communication.
“In this paper, we show how two (or more) airgapped computers in the same room, equipped with passive speakers, headphones, or earphones can covertly exchange data via ultrasonic waves.” reads the research paper.
“Microphones are not required. Our method is based on the capability of a malware to exploit a specific audio chip feature in order to reverse the connected speakers from output devices into input devices.”
The experts rely on the way speakers/headphones/earphones respond to the near-ultrasonic range (18kHz to 24kHz) to exploit the hardware that can be reversed to perform as microphones.
The Israeli team tested the MOSQUITO technique with different equipment at
various distances and transmission speeds.
The technique is stealth, two computers exchange data via audible sounds using speakers and headphones making impossible to discover it.
The experts shared two video proof-of-concept videos that show two air-gap computers in the environment that were infected with a malicious code developed by the experts.
The experts successfully tested the MOSQUITO technique in speaker-to-speaker communication, speaker-to-headphones communication, and headphones-to-headphones communication.
“Our results show that the speaker-to speaker communication can be used to covertly transmit data between two air-gapped computers positioned a maximum of nine meters away from one another.” continues the paper. “Moreover, we show that two (microphone-less) headphones can exchange data from a distance of three meters apart. This enables ’headphones-to-headphones’ covert communication,”
Researchers were able to exchange data over an air-gap computer from a distance of eight meters away with an effective bit rate of 10 to 166 bit per second.
Further info on the technique is included in the research paper,
Past research conducted by Ben-Gurion researchers related to the hack of air-gapped networks are:
- aIR-Jumper attack exfiltrates sensitive data from air-gapped computers using security cameras with Infrared capabilities.
- USBee exfiltrates sensitive data from air-gapped computers using radio frequency transmissions from USB connectors.
- DiskFiltration steals sensitive data using acoustic signals emitted from the hard disk drive (HDD) of air-gapped computers.
- BitWhisper that is based on the heat emissions and built-in thermal sensors.
- AirHopper exfiltrates sensitive data from air-gapped computers security cameras and infrared.
- Fansmitter exfiltrates sensitive data from air-gapped computers exploiting noise emitted by a computer fan to transmit data.
- GSMem attack relies on cellular frequencies.
Pierluigi Paganini, Editor-in-Chief
Cyber Defense Magazine