Researchers at Israel's Ben-Gurion University of the Negev discovered a new technique in air-gapped attacks named...
Mosquito, which bites air-gapped computers to make them less secure. How does this technique work?
An attacker needs just three things to turn a speaker or set of headphones without a microphone into a listening device: a USB flash drive, an audio chip capable of emitting sound at near-ultrasonic frequencies and a way to measure the distance between two computers located in the same room to see if they are within range for the attack. The USB flash drive is used to infect air-gapped computers. Any integrated microphone on the computer or the external loudspeaker must be turned off, muted or taped, and the external microphone must be unplugged.
Since all connected speakers, including passive speakers, headphones, earphones and loudspeakers, respond well to the near-ultrasonic range -- 18 kHz to 24 kHz -- a listening device can help the attacker hear data and passwords from the victim's computer and record them on the attacker's computer.
The attack can be carried out within earshot of authorized users of the systems because ultrasonic transmissions are not detectable by the human ear. The ultrasound range starts around 20 kHz and can go up to several gigahertz; in either case, sound in these ranges are undetectable to humans -- our eardrums can't vibrate fast enough to hear any noise at those frequencies.
The risk to air-gapped networks is determined by the maximum distance that data can be covertly transmitted between two infected computers. When speaker-to-speaker communication is used, the computers can be placed a maximum of 29.5 feet apart, but when two headphones with the microphones turned off are used, the maximum distance is only 9.8 feet.
When using loudspeakers, data can be exchanged with a bit rate of 10 to 166 bits per second from a distance of 26 feet. Beyond the maximum distance, however, attackers will be unable to steal data from air-gapped computers.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Data security breaches
Related Q&A from Judith Myerson
A new threat named VPNFilter was discovered by cybersecurity researchers after home and office routers were compromised. Learn how this malware works... Continue Reading
A buffer underflow was found to be caused by a vulnerability in strongSwan's open source VPN. Learn how this is possible and how attackers can ... Continue Reading
Researchers found a vulnerability in OpenFlow that can cause problems. Learn how vendor-specific SDN controllers may cause these OpenFlow protocol ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.