
Sensitive data could be stolen from a secure computer by infecting it with malware that makes its speakers play ultrasonic frequencies to vibrate nearby smartphones, encoding the data in the movement.
鈥淎ir-gapped鈥 computers, which often have their Wi-Fi, Bluetooth and internet connections disabled, are commonly used by government security services and key infrastructure control systems to prevent hackers from gaining access remotely. at Ben-Gurion University of the Negev, Israel, has spent years devising unusual techniques for getting data out of such systems.
In the past, he has managed to extract information from such computers by encoding it in rapid adjustments of their screen brightness, flickering power LEDs and even transmitting it via radiation given off from hard disc cables. If malware can be introduced to these secure networks, any or all of these techniques can be used to extract sensitive information.
Advertisement
Guri鈥檚 latest research relies on an air-gapped computer using its standard speakers to broadcast an ultrasonic frequency that matches the resonant frequency of the tiny mechanical components inside smartphone gyroscopes, the devices that tell our handsets how they are oriented and moving in space.
The transmitting computer can encode data in these vibrations, and malware on the receiving smartphone can decode it and transmit it onwards to the hacker. Unlike microphones, which apps usually need explicit permission to access because of the risk of eavesdropping, most phones allow any software to access gyroscope data, making it more likely that the malware would work. It also means there is less chance of it being discovered.
In tests, Guri used a slightly shifting signal of about 19,000 hertz to interfere with the gyroscope in three models of widely available smartphones. Data was encoded in the signal, consisting of an initial binary sequence 鈥1010鈥 that alerted the malware to an incoming transmission, followed by 12 bits of data. Although transmitting information would be slow, it would allow sensitive data from the air-gapped device to leak out over time, and be easily transmitted from the phone to the attacker.
Guri was able to achieve data speeds between computer and smartphone of between 1 and 8 bits a second at distances of up to 6 metres. He says the ultrasound noise would be interpreted as movement by the phone once it vibrates parts of the internal gyroscope, but that it would be at a low level that wouldn鈥檛 disrupt functionality or arouse suspicion. He continues to work on new ways to crack these computers.
鈥淎ir gaps is a challenging scope, I find it interesting from the academic perspective,鈥 says Guri. 鈥淚t seems that no computer can be really safe from attacks.鈥
Reference: