Novel attack exploits air-gapped computers internal speaker for data theft

BleepingComputer reports that data leaks could be achieved by threat actors using the new CASPER covert channel attack, which exploits the internal speakers of air-gapped computers. Introduced by researchers at Korea University's School of Cyber Security, the CASPER attack involves the utilization of computers' internal speakers to facilitate data transmission to receiving microphones as far as 1.5 meters away. Threat actors could achieve malware transmission of an eight-character password within three seconds, while a 2048-bit RSA key could be transmitted within 100 seconds, given the maximum reliable transmitting bit rate of 20 bits per second, according to researchers. "Our method is slower in transferring data compared to other covert channel technologies using optical methods or electromagnetic methods because the speed of data transfer by sound is limited," said researchers. Researchers noted that while different frequency bands could be used for various simultaneous transmissions to enable accelerated data rates, single frequency band sound production by internal speakers limits the attack.