Researchers have found another way that potentially risks the security of air-gapped systems. Dubbed as CASPER attack, the strategy presents a cover channel attack allowing data exfiltration from an air-gapped system via a nearby smartphone.
CASPER Attack Targeting Air-Gapped Systems
Researchers from the School of Cyber Security at Korea University, Seoul, devised the CASPER attack to extract data from air-gapped systems.
According to the researchers, numerous studies have demonstrated how such cover attacks are possible on air-gapped systems using external speakers. However, today, not many computers have external speakers in such a setup. Nonetheless, such systems still remain vulnerable to cyberattacks. That’s what the researchers demonstrated by targeting air-gapped systems with internal speakers on the motherboard.
The attack strategy involves exploiting the internal speakers of an air-gapped system’s motherboard to generate high-frequency sounds carrying the information. A nearby smartphone (within 1.5m) can then serve as a receiving device for those sounds to decipher the data.
In their experiment, the researchers encoded the data in Morse code (for alphabets) or binary code (when transferring images and other files). They used an Ubuntu 20.04.1 64-bit system as the target system infected with malware that allowed them root privileges to exploit the internal speaker and a Galaxy Z Filp3 5G smartphone as the receiver device. The researchers observed the rate of data transference as around 20 bits/second maximum using this method.
Limitations And Countermeasures
Since the CASPER attack typically relies on internal speakers, removing them, or ensuring selective installation of internal speakers can be a countermeasure to prevent this attack. Besides, installing devices to detect unusual signals in inaudible frequencies around air-gapped systems can also help prevent such covert attacks.
As for the limitations, the researchers specifically mentioned the slow data transfer rate which, if not made it impossible, makes it difficult to be used in a real-world attack scenario.
Details about the entire experiment are available in the researchers’ detailed research paper available here.
Let us know your thoughts in the comments.