Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Stealthy Data Exfiltration Possible via Headphones, Speakers

A team of researchers has demonstrated how air-gapped computers can stealthily communicate with each other using speakers or headphones over ultrasonic waves.

A team of researchers has demonstrated how air-gapped computers can stealthily communicate with each other using speakers or headphones over ultrasonic waves.

Experts from the Cyber-Security Research Center at the Ben-Gurion University of the Negev in Israel combined previous research on communications through ultrasonic waves with a technique that can be used to turn a device’s speakers into a microphone in an effort to create a covert data exfiltration channel.

Researchers demonstrated several years ago that audio modulation and demodulation can be used to exchange data between computers over the air via the ultrasonic frequency range. The method requires that the devices communicating with each other are equipped with both microphones and speakers.

However, it’s possible to turn speakers, headphones or earphones into microphones using only software, which Ben-Gurion University researchers demonstrated back in 2016 in an attack they dubbed SPEAKE(a)R.

Experts have now combined the two methods to show that a piece of malware installed on an air-gapped system fitted with speakers, headphones or earphones can transmit bits of data to one or more nearby devices running malware designed to capture the data via an audio output system turned into a microphone. These types of attacks, which they have dubbed MOSQUITO, can be launched in scenarios involving desktop computers that don’t have a microphone, or when the microphone on a laptop or desktop system has been disabled or taped.

The data exchange can take place over inaudible sound waves at frequencies of 18kHz or higher, which can be captured by regular headphones or speakers. The data can be modulated through audio frequency-shift keying (AFSK), which uses one frequency to transmit “0” bits and a different frequency to transmit “1” bits.

MOSQUITO attack

Tests conducted by researchers showed that a transfer rate ranging between 1200 bits/sec and 1800 bits/sec can be obtained for up to 8 meters (26 feet) for audible frequencies transmitted and captured using loudspeakers. The transfer rate drops to between 300 bits/sec and 600 bits/sec for inaudible frequencies.

Advertisement. Scroll to continue reading.

Experiments conducted using headphones and earphones as recipients showed that they are not much worse than speakers, with transfer rates ranging between 300 bits/sec and 600 bits/sec over distances of 1m (3ft), 5m (16ft) and 8m (26ft). However, performance is significantly degraded when headphones are used both by the sender and the recipient — it only works over a distance of up to 3m (10ft) at a maximum of 250 bits/sec.

It’s worth noting that these are upper theoretical transmission rates. In practice, the transfer rate is influenced by environmental noise, the position of the transmitter and receiver, and bit error rates.

“Our experiments shows that at a distance of three meters between two speakers, a transmission rate of 166 bit/sec results in a 1% bit error rate, during the exfiltration of a 1Kbit binary file,” researchers explained in their paper. “However, at distances of 4-9 meters, the 1% bit error rate is only achieved at transmission rates of 10 bit/sec. Our waveform analysis shows that the signal quality is degraded at distances greater than four meters mainly due to the environmental noise, which results in a lower SNR.”

Researchers at the Ben-Gurion University of the Negev previously demonstrated that stealthy data exfiltration is also possible via magnetic fieldsinfrared camerasrouter LEDsscannersHDD activity LEDs, USB devices, the noise emitted by hard drives and fans, and heat emissions.

Related: Dell Launches Endpoint Security Product for Air-Gapped Systems

Related: Hackers Can Steal Data From Air-Gapped Industrial Networks via PLCs

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem