On acoustic covert channels between air-gapped systems

Abstract

In this work, we study the ability for malware to leak sensitive information from an air-gapped high-security system to systems on a low-security network, using ultrasonic and audible audio covert channels in two different environments: an open-concept office and a closed-door office. Our results show that malware installed on unmodified commodity hardware can leak data from an air-gapped system using the ultrasonic frequency range from 20 kHz to 20.5 kHz at a rate of 140 bps and at a rate of 6.7 kbps using the audible spectrum from 500. Hz to 18 kHz. Additionally, we show that data can be communicated using ultrasonic communication at distances up to 11m with bit rates over 230 bps and a bit error rate of 2%. Given our results, our attacks are able to leak captured keystrokes in real-time using ultrasonic signals and, using audible signals when nobody is present in the environment - the overnight attack, both keystrokes and recorded audio.