Security News > 2022 > August > New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves.

"Our malware generates ultrasonic tones in the resonance frequencies of the MEMS gyroscope," Dr. Guri said in a new paper published this week.

The transmission is then detected by an infected smartphone that's in close physical proximity and which listens through the gyroscope sensor built into the device, following which the data is demodulated, decoded, and transferred to the attacker via the Internet over Wi-Fi. This is made possible due to a phenomenon called ultrasonic corruption that affects MEMS gyroscopes at resonance frequencies.

Experimental results show that the covert channel can be used to transfer data with bit rates of 1-8 bit/sec at distances of 0 - 600 cm, with the transmitter reaching a distance of 800 cm in narrow rooms.

The speakers-to-gyroscope covert channel is also advantageous from an adversarial point of view.

Mitigating GAIROSCOPE requires organizations to enforce separation policies to keep smartphones at least 800 cm away or more from secured areas, remove loudspeakers and audio drivers from endpoints, filter out ultrasonic signals using firewalls SilverDog and SoniControl, and jam the covert channel by adding background noises to the acoustic spectrum.

News URL

https://thehackernews.com/2022/08/new-air-gap-attack-uses-mems-gyroscope.html