A research team from Israel’s Ben-Gurion University of the Negev ‘s cybersecurity research center has discovered a new way of data extraction from air-gapped computers via using passive devices like earbuds, earphones, headphones, and speakers.
Now, the same research center has claimed to be able to use computer speakers and headphones to act as microphones and receive data. The devices can be used to send back the signals and make the otherwise safe practice of air-gapping less secure.
As per the new technique [PDF], data is extracted in the form of inaudible ultrasonic sound waves and transmission occurs between two computers installed in the same room while data is shared without using microphones.
The research team created a custom protocol to carry out data transmission between two computers. One of them would be air-gapped while the other is connected to the internet and used to further relay the data. Through the attack, researchers claim to carry out speaker-to-headphone, headphone-to-headphone, and speaker-to-speaker data exfiltration.
Findings of this research were published by ArXiv on Friday in an academic paper titled “MOSQUITO: Covert Ultrasonic Transmissions between Two Air-Gapped Computers using Speaker-to-Speaker Communication.” Researchers explained that their research shows how speakers can secretly be used to carry out data transmission between unconnected computers located within a distance of 9 meters.
The reason why they used speakers is that these can be considered microphones working in reverse order; speakers convert electronic signals into acoustic signals whereas microphones convert acoustic signals into electric. The conversion is assisted by a diaphragm in each of these devices, which can be used to reverse the process. This process of reversing the mechanism of a device like a speaker is called jack retasking.
A majority of new audio chipsets can be used for jack retasking (like those from Realtek) because these offer an option of altering the audio port function through software. Malware can be used to reconfigure a speaker or headphone so that it acts like a microphone given that the device is unpowered and passive. The paper reads:
“The fact that loudspeakers, headphones, earphones, and earbuds are physically built like microphones, coupled with the fact that an audio port’s role in the PC can be altered programmatically, changing it from output to input, creates a vulnerability which can be abused by attackers.”
In the MOSQUITO attack, the malware researchers used infected an air-gapped computer and could also be used to modulate or transform locally stored documents into audio signals. These signals could easily be relayed to another computer using headphones, earbuds or speakers.
The receiving computer would also be infected with malware and will convert connected speakers or headphones using jack retasking technique to make them serve as a microphone. The catch is that most of the PCs now have passive speakers while these have active, powered headphones, earbuds, and speakers.
“The main problem involves headphones, earphones, and earbuds since they are reversible and can become a good pair of microphones (even when they don’t have an integrated mic at all),” stated head of R&D at Ben-Gurion University’s research center and co-author of the paper Mordechai Guri.
To read the original article: