Covert channel are used to transfer information between processes that aren't allowed to communicate as define by computer security policy. Information transmitted in such form are often not transmitted through legitimate transfer mechanism.
A recent published paper by Fraunhofer FKIE - On Covert Acoustical Mesh Networks in Air - demonstrated a new way to transmit data through microphone and speaker on a normal laptop. Using inaudible sound signal and a mesh network of laptop, they are able to create covert acoustical mesh network which can be communicated between air gap networks.
To create such a network for communication, a few participants are needed:
Infected victim: A machine that is infected with the malware and will leak information by broadcast inaudible signal through the in-built speaker
Infected drone: A machine or a group of machines that is/are targeted and will serve as a router to route the information (via covert channel) to the destination
They did this by having the victim broadcasting sound signal that are not within the human hearing range. Other laptop (pre-configured) nearby will then be able to capture the audio signal using the in-built microphone within them and help in routing the signal to the destination. Hence, this can bypass security mechanism in place to prevent information leakage.
This form of transmission can be limited as the transmission rate is only about 20 bit/s. However, it is still leak some information such as keystroke capture of the victim. One of the possible application described in the paper is acoustical multi-hop keylogger.
The paper suggested some countermeasure such that one can adopt
Disable audio in and output
implementing audio filter that block high frequency range
Source: Scientist-developed malware covertly jumps air gaps using inaudible sound