'Mosquito' Attack Shows How Malware Can Exfiltrate Data via PC Speakers

Researchers from the Ben-Gurion University of the Negev in Israel demonstrated a proof-of-concept attack they named “Mosquito,” which can exfiltrate data from online and air-gapped computers using speakers and headphones.

Their research, titled “Mosquito: Covert Ultrasonic Transmissions between Two Air-Gapped Computers using Speaker-to-Speaker Communication,” details an attack method that can covertly transmit and receive data by employing “jack retasking.” The technique switches the output audio jack to input jack, which then converts the speakers into microphones. This is a feature in modern audio chipsets that can actually be enabled through software. A specially crafted malware can exploit this and alter a speaker or headphone to act as a microphone. Data exfiltration is carried out between machines (at a distance of up to nine meters) through ultrasonic sound waves.

The researchers, Mordechai Guri, Yosef Solwicz, Andrey Daidakulov, and Yuval Elovici, also developed other data exfiltration techniques against air-gapped systems, including:

  • Odini: uses low-frequency magnetic signals generated by the CPU cores
  • Magneto: employs magnetic signals for data in air-gapped systems to leak to nearby smartphones
  • LED-it-Go: uses the light-emitting diodes (LED) to exfiltrate data from air-gapped networks
  • aIR-Jumper: uses infrared LED and security cameras to remotely communicate with air-gapped networks
  • BitWhisper: draws on temperature changes in the CPU/GPU of computers to enable adjacent air-gapped systems to communicate

The researchers explained that microphones were not required for Mosquito. They added that their method was "based on the capability of a malware to exploit a specific audio chip feature in order to reverse the connected speakers from output devices into input devices."

[TrendLabs Research: Testing the Built-in Security of Internet-Connected Speakers]

Video: How internet-connected speakers can leak information
about their owners to a potential attacker

While only experimental at this point, Mosquito demonstrates that no platform or device is impervious to security risks. This rings particularly true for internet-of-things (IoT) devices. While the technologies that power them may provide convenience, they can also come with vulnerabilities or system weaknesses that can leak personal or corporate data or further expose the network to threats.

The Trend Micro Forward-Looking Threat Research (FTR) Team’s Stephen Hilt delved into the security of IoT speakers and found that two popular brands of speaker systems were susceptible to exposing user data along with other information that could be used in an attack. The security gaps also included an open port that could allow online access to the device and its user information. Running these devices in workplace environments could compound the risks and challenges.

Indeed, these two studies show why security shouldn’t just be an afterthought, considering the new threats that are projected to be mainstays in today’s landscape. As the EU General Data Protection Regulation (GDPR) looms nearer, a proactive, multilayered approach to security is now a must — from the users, businesses, and online service providers down to the original equipment and design manufacturers themselves.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.