Smartphone gyroscopes threaten air-gapped systems, researcher finds

2022-08-23 18:00

A pair of preprint papers from Mordechai Guri, head of R&D at Ben-Gurion University's Cyber Security Research Labs, detail new methods for transmitting data ultrasonically to smartphone gyroscopes and sending Morse code signals via LEDs on network interface cards.

Dubbed Gairoscope and EtherLED respectively, the two exploits are the latest in a long line of research from Guri, who has previously developed air gap exfiltration methods, including stealing data by reading the radio frequency of networking cables, using RAM buses to transmit data electromagnetically, and doing the same with power supplies.

The problem with phone gyroscopes is that, unlike microphones that are generally visibly activated, Gyroscopes can be "Used by many types of applications to ease the graphical interfaces, and users may approve their access without suspicion," Guri wrote in the paper.

Guri cites a lack of visual indicator in iOS and Android that the gyroscope is being used and the fact that smartphone gyroscopes can be accessed from a browser using JavaScript, meaning - in theory - that no actual malware need be installed on the device to execute the attack.

Air gapping is used widely in military and defense systems, and Guri describes it as a common security practice in critical infrastructure, government agencies, finance, and industrial systems.

Guri cites Stuxnet, a joint operation between the US and Israel to destroy Iranian nuclear enrichment systems, as a successful air gap infiltration.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/23/phone_gyroscopes_airgapped_systems/

#researcher #smartphone