Audio leakage happens when the audio played by the secret computer is leaking through the KVM to another computer where its audio codec controlled by a malicious code filter it and convert it into a digital stream that is then sent to the remote attacker.
Attack process:
- The remote attacker gains full/limited access to one (1) connected computer (first computer).
- Through that computer, the remote attacker detects KVM audio signaling vulnerability.
- Attacker uses the audio codec in the first computer to listen to weak audio signals coming from the KVM through the microphone output.
- When the user plays secret audio at the secret computer connected to the same KVM, the weak audio signal is received by the first computer audio codec where it is amplified, filtered and digitized.
- The captured audio stream is then sent by the malicious code at the first computer to the remote attacker.
Rationale:
- T.INFECTED - At least one (1) computer must be infected to initiate this attack.
- T.SIGTRANSFER - To initiate this attack, KVM must have signaling vulnerability to analog audio signal. This vulnerability may be the common ground or the presence of microphone switching circuitry in the KVM.
Related Articles:
What is network data leakage
What is network code injection
