GAIROSCOPE: Injecting Data from Air-Gapped Computers to Nearby Gyroscopes

TL;DR

GAIROSCOPE demonstrates a novel ultrasonic covert channel that exploits resonance frequencies of smartphone gyroscopes to exfiltrate data from air-gapped computers without needing microphone access.

Contribution

This work introduces a new side-channel attack method using gyroscopes for data exfiltration, bypassing microphone access restrictions.

Findings

Effective data transmission over a few meters using Speakers-to-Gyroscope channel

Gyroscope signals can reliably encode binary information

Countermeasures can mitigate this covert channel

Abstract

It is known that malware can leak data from isolated, air-gapped computers to nearby smartphones using ultrasonic waves. However, this covert channel requires access to the smartphone's microphone, which is highly protected in Android OS and iOS, and might be non-accessible, disabled, or blocked. In this paper we present `GAIROSCOPE,' an ultrasonic covert channel that doesn't require a microphone on the receiving side. Our malware generates ultrasonic tones in the resonance frequencies of the MEMS gyroscope. These inaudible frequencies produce tiny mechanical oscillations within the smartphone's gyroscope, which can be demodulated into binary information. Notably, the gyroscope in smartphones is considered to be a 'safe' sensor that can be used legitimately from mobile apps and javascript. We introduce the adversarial attack model and present related work. We provide the relevant technical background and show the design and implementation of GAIROSCOPE. We present the evaluation results and discuss a set of countermeasures to this threat. Our experiments show that attackers can exfiltrate sensitive information from air-gapped computers to smartphones located a few meters away via Speakers-to-Gyroscope covert channel.