Abstract
In this paper we show how two or more air-gapped computers in the same room, equipped with passive speakers, headphones, or earphones can covertly exchange data via ultrasonic waves. Microphones are not required. Our method is based on the capability of a malware to exploit a specific audio chip feature in order to reverse the connected speakers from output devices into input devices - unobtrusively rendering them microphones. We discuss the attack model and provide technical background and implementation details. We show that although the reversed speakers/headphones/earphones were not originally designed to perform as microphones, they still respond well to the near-ultrasonic range (18 kHz to 24 kHz). We evaluate the communication channel with different equipment, and at various distances and transmission speeds, and also discuss some practical considerations. Our results show that the speaker-to-speaker communication can be used to covertly transmit data between two air-gapped computers positioned a maximum of 9 m away from one another. Moreover, we show that two (microphone-less) headphones can exchange data from a distance of 3 m apart. This enables ‘headphones-to-headphones’ covert communication, which is discussed for the first time in this paper.
Original language | English |
---|---|
Article number | 102458 |
Journal | Journal of Information Security and Applications |
Volume | 51 |
DOIs | |
State | Published - 1 Apr 2020 |
ASJC Scopus subject areas
- Software
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications