Computers separated from the internet are vulnerable to new hacks using unconnected smartphones to steal data such as passwords and keystrokes, according to Israeli researcher Mordechai Guri.
Air-gapped computers do not have wireless activity and are used by governments to store classified information and by organizations to manage critical infrastructure such as power and energy systems.
These machines are not impenetrable, however, and Mr. Guri disclosed a new method that uses malicious software to create ultrasonic frequencies on the secure machines that are detectable by smartphones located nearby. Information from the computer is transmitted through the frequency that is collected by the phone and deciphered by a cyberattacker.
“These inaudible frequencies produce tiny mechanical oscillations within the smartphone’s gyroscope, which can be demodulated into binary information,” Mr. Guri wrote in a paper published last week.
The gyroscope sensor in a smartphone is the mechanism that determines the rotation of the device, such as whether a user is viewing a smartphone horizontally or vertically.
Mr. Guri wrote that his “GAIROSCOPE” method for creating a covert communications channel works for phones located a “few meters away” and he published a video demonstrating its success. In the video, words typed on the secure computer appear on the smartphone despite the absence of an internet connection.
SEE ALSO: Sen. Lindsey Graham predicts ‘riots’ if Trump is prosecuted
Since July, Mr. Guri has published multiple methods of compromising air-gapped computers identified in his work as the head of research and development at the Cyber Security Research Center at Ben Gurion University in Israel. One method he dubbed “ETHERLED” turns a secure computer’s blinking LED lights into morse code to transmit data from the secure computer.
Mr. Guri did not directly answer when asked if he shared information with governments or critical infrastructure operators before publication or if he has heard from such entities afterward. He said his work is publicized for everyone to read since he works at an academic research lab and he regularly works with a “wide range of organizations all the time.”
Asked whether anyone has used the methods he disclosed in any hack, Mr. Guri said in an email, “Lol, I don’t know.”
Mr. Guri’s paper on the method using smartphone gyroscopes mentions the intelligence community and military networks as places using air-gapped machines.
The U.S. intelligence community has rules in place designed to protect air-gapped machines operating in sensitive compartmented information facilities. Portable electronic devices and those with recording capabilities and embedded technologies face restrictions from entering these facilities, according to technical specifications published by the Office of the Director of National Intelligence last year.
Government agencies are not the only places where sensitive information is stored. For example, the FBI previously used a sensitive compartmented information facility at the law firm Perkins Coie, which is well-known for representing Democratic clients. Former President Donald Trump’s Mar-a-Lago residence housed a secure facility during his presidency, according to reports.