Jump to content
Sign in to follow this  

Data Exfiltration Technique Steals Data From PCs Using Speakers, Headphones

Recommended Posts



A well-established research team from the Ben-Gurion University of the Negev in Israel has detailed today a new method of extracting data from air-gapped computers using speakers, headphones, earphones, or earbuds.

The attack is only experimental at this point, has not been seen in the real world, but has been proven to work and researchers have also created a custom protocol for transmitting data between two computers* —one air-gapped and one Internet-connected that can relay the data further.

Attack scenarios include speaker-to-speaker exfiltration, speaker-to-headphones, and headphones-to-headphones.

Jack retasking strikes again!


The attack —nicknamed MOSQUITO— is possible because of a technique called "jack retasking" that reverses output audio jacks to input jacks, effectively turning speakers into (unconventional) microphones.

The same research team explored jack retasking in a previous research project last year, called Speake(a)r, which researchers used to turn headphones into microphones and record nearby audio and conversations.

For the current experiment, researchers argue that malware that managed to infect an air-gapped computer can transform and modulate locally stored files into audio signals and relay them to another nearby computer via connected speakers, headphones, earphones, or earbuds.

The receiving computer, also infected with malware, uses jack retasking to convert connected speakers, headphones, earphones, or earbuds into a makeshift microphone, receive the modulated audio, and convert back into a data file.

MOSQUITO attack supports pretty fast transfer speeds


Researchers created a custom data protocol that modulates binary data into audio signals, and they tested their attack for distances between 1 and 9 meters (3.2 to 29.5 feet).

Researchers said they managed to transfer data between two computers with speeds varying from 1800 bits/s and 1200 bits/s for speakers facing each other and emitting sound in audible frequency bands (lower than 18kHz).

Transfer speeds decreased if the speakers weren't facing each other, the distance between speakers increased, or audio frequency changed (towards low or high frequency). While the first two factors are self-explanatory, the last needs an additional explanation.

"The reason for that is that loudspeakers, and particularly home grade PC loudspeakers, were projected and optimized for human auditory characteristics, and therefore they are more responsive to the audible frequency ranges," said researchers.

Transfer speeds also decreased when using earphones or earbuds (varied between 600 bits/s and 300 bits/s) and went even lower for headphones (around 250 bits/s). The reason was that headphones directed their sound waves in one particular direction, limiting efficient exfiltration cases to very small distances when headphones were close to each other, and when they emitted sound in audible frequencies only.

Other factors that decreased data transfer speeds included environment noise such as music and speech, but researchers said this could be mitigated by moving the data exfiltration frequency above 18kHz.

The research team discusses various mitigation and countermeasures in their research paper entitled "MOSQUITO: Covert Ultrasonic Transmissions between Two Air-Gapped Computers using Speaker-to-SpeakerCommunication." They also released the following demos to showcase their work.

[embedded content]

[embedded content]

The research center from the Ben-Gurion University of the Negev who came up with this new data exfiltration technique has a long history of innovative and sometimes weird hacks, all listed below:

LED-it-Go - exfiltrate data from air-gapped systems via an HDD's activity LED

SPEAKE(a)R - use headphones to record audio and spy on nearby users

9-1-1 DDoS - launch DDoS attacks that can cripple a US state's 911 emergency systems

USBee - make a USB connector's data bus give out electromagnetic emissions that can be used to exfiltrate data

AirHopper - use the local GPU card to emit electromagnetic signals to a nearby mobile phone, also used to steal data

Fansmitter - steal data from air-gapped PCs using sounds emanated by a computer's GPU fan

DiskFiltration - use controlled read/write HDD operations to steal data via sound waves

BitWhisper - exfiltrate data from non-networked computers using heat emanations

Unnamed attack - uses flatbed scanners to relay commands to malware infested PCs or to exfiltrate data from compromised systems

xLED - use router or switch LEDs to exfiltrate data

Shattered Trust - using backdoored replacement parts to take over smartphones

aIR-Jumper - use security camera infrared capabilities to steal data from air-gapped networks

HVACKer - use HVAC systems to control malware on air-gapped systems

MAGNETO & ODINI - steal data from Faraday cage-protected systems


Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...