MOSQUITO: Covert Ultrasonic Transmissions between Two Air-Gapped Computers using Speaker-to-Speaker Communication
This addresses a security vulnerability for air-gapped systems, enabling covert communication in scenarios where microphones are absent, representing a novel attack vector.
The paper tackled the problem of covert data exchange between air-gapped computers without microphones by exploiting audio chips to reverse speakers into input devices, achieving transmission distances of up to nine meters between speakers and three meters between headphones.
In this paper we show how two (or more) airgapped computers in the same room, equipped with passive speakers, headphones, or earphones can covertly exchange data via ultrasonic waves. Microphones are not required. Our method is based on the capability of a malware to exploit a specific audio chip feature in order to reverse the connected speakers from output devices into input devices - unobtrusively rendering them microphones. We discuss the attack model and provide technical background and implementation details. We show that although the reversed speakers/headphones/earphones were not originally designed to perform as microphones, they still respond well to the near-ultrasonic range (18kHz to 24kHz). We evaluate the communication channel with different equipment, and at various distances and transmission speeds, and also discuss some practical considerations. Our results show that the speaker-to-speaker communication can be used to covertly transmit data between two air-gapped computers positioned a maximum of nine meters away from one another. Moreover, we show that two (microphone-less) headphones can exchange data from a distance of three meters apart. This enables 'headphones-to-headphones' covert communication, which is discussed for the first time in this paper.