GAIROSCOPE: Leaking Data from Air-Gapped Computers to Nearby Smartphones using Speakers-to-Gyro Communication

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

It is known that malware can leak data from isolated, air-gapped computers to nearby smartphones using ultrasonic waves. However, this covert channel requires access to the smartphone's microphone, which is highly protected in Android OS and iOS, and might be non-accessible, disabled, or blocked. In this paper we present 'GAIROSCOPE, ' an ultrasonic covert channel that doesn't require a microphone on the receiving side. Our malware generates ultrasonic tones in the resonance frequencies of the MEMS gyroscope. These inaudible frequencies produce tiny mechanical oscillations within the smartphone's gyroscope, which can be demodulated into binary information. Notably, the gyroscope in smartphones is considered to be a 'safe' sensor that can be used freely from mobile apps and javascript. We introduce the adversarial attack model and present related work. We provide the relevant technical background and show the design and implementation of GAIROSCOPE. We present the evaluation results and discuss a set of countermeasures to this threat. Our experiments show that attackers can exfiltrate sensitive information from air-gapped computers to a smartphone located a few meters away via Speakers-to-Gyroscope covert channel.

Original languageEnglish
Title of host publication2021 18th International Conference on Privacy, Security and Trust, PST 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages10
ISBN (Electronic)9781665401845
DOIs
StatePublished - 2021
Event18th International Conference on Privacy, Security and Trust, PST 2021 - Auckland, New Zealand
Duration: 13 Dec 202115 Dec 2021

Publication series

Name2021 18th International Conference on Privacy, Security and Trust, PST 2021

Conference

Conference18th International Conference on Privacy, Security and Trust, PST 2021
Country/TerritoryNew Zealand
CityAuckland
Period13/12/2115/12/21

ASJC Scopus subject areas

  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Instrumentation

Fingerprint

Dive into the research topics of 'GAIROSCOPE: Leaking Data from Air-Gapped Computers to Nearby Smartphones using Speakers-to-Gyro Communication'. Together they form a unique fingerprint.

Cite this