Air-gapped computers which were believed to be the most secure kind of systems can be hacked too according to a new study that has emerged recently. Though the idea has been here for a long time and the same team demonstrated how hackers can listen to private conversations via reversed headphones in air-gapped computers. This has brought a series of questions forward as to how do they do it and what are the probable solutions to avoid such attack.
Air-gapped computers
This is a security measure which is employed on one or more computers in an isolated environment. This is done to avoid interference, attacks or hacking via the public internet or even local network. The idea is separating the computer systems physically with no connection to each other whatsoever. The only way to interact these computers with one another is through USBs or external devices. This security measure is taken up when the computers contain sensitive and classified data that one doesn’t want to be shared out of the setting of the system. Up until recently, these were believed to be the safest way of storing data. After the demonstration of the possibility of tapping in air capped computers, now the team has established even data can be exchanged in such systems. This has released many questions.
The MOSQUITO Technique
The technique by the team of researchers in Israel’s Ben Gurion University has been named MOSQUITO. This technique reverses the role of a passive speaker (Headphones or earphones) into a microphone. The team in their research revealed that in the absence of a microphone or even if it is muted or tapped off, a headphone can covertly be reversed to be used as a microphone. This is possible as some headphones, earphones, and speakers are responsive to the Ultra Sound range of 18KHz to 24KHz, they can be reversed. Such inaudible ultrasound waves can be easily used to listen to secret communication between a speaker to another speaker.
The Cyber Security Research Center of Ben Gurion which was led by a 38-year-old Mordechai Guri made two speakers talk via ultrasound waves despite a high-level f isolation. The team in one of their proof-of-theory videos explained a scenario where 2 air-gapped computers are infected by the malware but cannot exchange the data physically thus slashing the attacker’s objectives. In this attack case, a speaker to speaker, speaker t headphone, and headphone to headphone case was conducted using the MOSQUITO technique. The results were astounding.
“Our results show that the speaker-to-speaker communication can be used to covertly transmit data between two air-gapped computers positioned a maximum of nine meters away from one another,” the team told. “Moreover, we show that two (microphone-less) headphones can exchange data from a distance of three meters apart.”
What is more amazing is that the team found a rate of 10 to 166 bit per second exchange rate of data when loudspeakers were used in 2 air-gapped computers 8 meters away.
Ben Gurion is a known name in partaking covert experiments to target the air-capped theory. Their research as enlightening as it also includes several other bases:
- an aIR-Jumper attack that steals sensitive data from air-gapped computers with the help of infrared-equipped night vision CCTV cameras.
- DiskFiltration can steal data using sound signals emitted from the hard disk drive (HDD) of air-gapped computers.
- Transmitter technique uses noise emitted by a computer fan to transmit data.
- GSMem attack that depends on cellular frequencies.
- USBee can be used to steal data from air-gapped computers using radio frequency transmissions from USB connectors.
- AirHopper that captures keystrokes by turning a computer’s video card into an FM transmitter.
- BitWhisper which depends on heat exchange between two computers to invisibly exchange passwords and security keys.
About the author:
Win Infosoft is a Digital Marketing agency with years of experience in providing the best possible services in PPC, SEO, SMM, Website and App developments. If you are looking for someone to convert your website into HTTPS, contact us today for a smooth transition.