Researcher found a new attack vector,MOSQUITO that can allows Air-Gapped Computers to masked Exchange Data

Last month, cybersecurity researchers demonstrated how to steal data from disconnected computers. Now they show how two computers with broken networks can transmit data through ultrasound in the same room. In the past, computers that were disconnected from the Internet were considered to be the most secure. They could only be connected through physical connections. Devices such as USB flash drives could be infected.

Now researchers at Ben-Gurion University in Israel have invented a new technology that can use the loopholes in audio processing chips to transfer sound from a passive speaker or headphones back to a microphone for data transmission. This technique is called “mosquito attack.” Two years ago, they also demonstrated how hackers can use headsets to access a host computer infected with a specific malware to eavesdrop on other people’s conversations, turning the computer into a bug.

Now researchers cannot only turn horns, headphones, and speakers into eavesdropping tools, but they can also be used to steal data from computers.

Because some horns, speakers, and headphone devices are sensitive to ultrasonic frequencies around 18 kHz to 24 kHz, they can be used as microphones. In addition, when data transmission is required, acoustic waves cannot be used, so the use of ultrasonic transmission data becomes the most effective method.

As you can see in the video, two computers with completely disconnected network use ultrasonic waves for data communication. In the past, hackers could use a U disk to infect one computer first, but they could not perform data transmission between two computers that had broken down. Now, this technology can realize the idea of hackers. There are three ways of this kind of attack behavior: the connection between the speaker and the speaker, the connection between the speaker and the earphone, and the connection between the earphone and the earphone.

According to experiments, the maximum transmission distance between the speaker and the speaker reaches 9 meters, the maximum transmission distance between the headphones is 3 meters, and the maximum transmission distance using the speaker connection can reach 8 meters, and 10 to 166 bits can be transmitted per second.

Ben-Gurion University’s research team has been working on how to attack off-net computers. The previous research results are as follows:

• aIR-Jumper attack steals sensitive data from air-gapped PCs with the help of infrared-equipped CCTV cameras that are used for night vision.
• USBee can be used to steal data from air-gapped computers using radio frequency transmissions from USB connectors.
• DiskFiltration can steal data using sound signals emitted from the hard disk drive (HDD) of air-gapped computers.
• BitWhisper relies on heat exchange between two computers to stealthily siphon passwords and security keys.
• AirHopper turns a computer’s video card into an FM transmitter to capture keystrokes.
• Fansmitter technique uses noise emitted by a computer fan to transmit data.
• GSMem attack relies on cellular frequencies.

Source: thehackernews