Researchers at Israel's Ben-Gurion University of the Negev discovered a new technique in air-gapped attacks named Mosquito, which bites air-gapped computers to make them less secure. How does this technique work?
An attacker needs just three things to turn a speaker or set of headphones without a microphone into a listening device: a USB flash drive, an audio chip capable of emitting sound at near-ultrasonic frequencies and a way to measure the distance between two computers located in the same room to see if they are within range for the attack. The USB flash drive is used to infect air-gapped computers. Any integrated microphone on the computer or the external loudspeaker must be turned off, muted or taped, and the external microphone must be unplugged.
Since all connected speakers, including passive speakers, headphones, earphones and loudspeakers, respond well to the near-ultrasonic range -- 18 kHz to 24 kHz -- a listening device can help the attacker hear data and passwords from the victim's computer and record them on the attacker's computer.
The attack can be carried out within earshot of authorized users of the systems because ultrasonic transmissions are not detectable by the human ear. The ultrasound range starts around 20 kHz and can go up to several gigahertz; in either case, sound in these ranges is undetectable to humans -- our eardrums can't vibrate fast enough to hear any noise at those frequencies.
The risk to air-gapped networks is determined by the maximum distance that data can be covertly transmitted between two infected computers. When speaker-to-speaker communication is used, the computers can be placed a maximum of 29.5 feet apart, but when two headphones with the microphones turned off are used, the maximum distance is only 9.8 feet.
When using loudspeakers, data can be exchanged with a bit rate of 10 to 166 bits per second from a distance of 26 feet. Beyond the maximum distance, however, attackers will be unable to steal data from air-gapped computers.
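A defender-side check for a sustained carrier in the 18 kHz to 24 kHz band described above, as an added example that is not from the researchers or the original article. The 48 kHz sample rate, the alert threshold, the persistence window and all function names are assumptions, and the audio is constructed test data.

```python
import math
import random

SAMPLE_RATE = 48_000                  # Hz (assumed); Nyquist of 24 kHz reaches the band's top
FRAME = 960                           # 20 ms per frame, so frequency bins are 50 Hz apart
PROBES = range(18_000, 24_000, 250)   # near-ultrasonic band cited in the article
THRESHOLD_DBFS = -50.0                # assumed alert level; tune per room and sensor
MIN_FRAMES = 5                        # assumed persistence: 100 ms of continuous carrier

def goertzel_amplitude(frame, freq):
    """Amplitude of one frequency component, via the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 2.0 * math.sqrt(max(power, 0.0)) / len(frame)

def frame_peak(frame):
    """Return (frequency, level in dBFS) of the strongest in-band probe."""
    freq, amp = max(((f, goertzel_amplitude(frame, f)) for f in PROBES),
                    key=lambda p: p[1])
    return freq, 20.0 * math.log10(max(amp, 1e-12))

def detect(samples):
    """Peak frequency once MIN_FRAMES consecutive frames exceed the threshold, else None."""
    run = 0
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        freq, level = frame_peak(samples[start:start + FRAME])
        run = run + 1 if level > THRESHOLD_DBFS else 0
        if run >= MIN_FRAMES:
            return freq
    return None

def synth(duration_s, tones, noise=0.001, seed=1):
    """Constructed test signal: sum of (freq, amplitude) tones plus white noise."""
    rng = random.Random(seed)
    n = int(duration_s * SAMPLE_RATE)
    return [sum(a * math.sin(2 * math.pi * f * t / SAMPLE_RATE) for f, a in tones)
            + rng.gauss(0.0, noise) for t in range(n)]

# Constructed samples: ordinary audible audio, then the same with a faint 19 kHz carrier.
benign = synth(0.2, [(1_000, 0.5)])
carrier = synth(0.2, [(1_000, 0.5), (19_000, 0.05)])

if __name__ == "__main__":
    print("benign :", detect(benign))
    print("carrier:", detect(carrier))
```

The capture device feeding such a monitor must itself sample at 48 kHz or higher; anything slower cannot represent the band at all.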
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)