MOSQUITO attack allows to exfiltrates data from Air-Gapped computers via leverage connected speakers

Haythem Elmir

MOSQUITO is new technique devised by a team of researchers at Israel’s Ben Gurion University, led by the expert Mordechai Guri, to exfiltrate data from an air-gapped network.

The technique leverage connected speakers (passive speakers, headphones, or earphones) to acquire the sound from surrounding environment by exploiting a specific audio chip feature.

Once again the team demonstrated that separating the computer networks from the Internet is not enough to protect them from attackers. In the past, the same group of researchers demonstrated that it possible to listen to private conversations by reversing headphones connected to a previously infected computer.

The MOSQUITO technique establishes a covert ultrasonic transmission between two air-gapped computers using speaker-to-speaker communication.

“In this paper, we show how two (or more) airgapped computers in the same room, equipped with passive speakers, headphones, or earphones can covertly exchange data
via ultrasonic waves.” reads the research paper.

“Microphones are not required. Our method is based on the capability of a malware to exploit a specific audio chip feature in order to reverse the connected speakers from output devices into input devices.”

The experts rely on the way speakers/headphones/earphones respond to the near-ultrasonic range (18kHz to 24kHz) to exploit the hardware that can be reversed to perform as microphones.


The Israeli team tested the MOSQUITO technique with different equipment at
various distances and transmission speeds.

The technique is stealth, two computers exchange data via audible sounds using speakers and headphones making impossible to discover it.

The experts shared two video proof-of-concept videos that show two air-gap computers in the environment that were infected with a malicious code developed by the experts.

The experts successfully tested the MOSQUITO technique in speaker-to-speaker communication, speaker-to-headphones communication, and headphones-to-headphones communication.

To read the original article:

Laisser un commentaire

Next Post

Dangerous CredSSP flaw opens door into corporate servers

A critical vulnerability in the Credential Security Support Provider protocol (CredSSP), introduced in Windows Vista and used in all Windows versions since then, can be exploited by MitM attackers to run code remotely on previously uninfected machines and servers in the attacked network. About CredSSP CredSSP provides single sign-on (SSO) […]