New Threats Against Air-Gapped Systems

Smartphone gyroscopes as a threat vector

• Israeli researchers have demonstrated a new tactic to exfiltrate data from air-gapped systems using ultrasonic tones and smartphone gyroscopes. 
• Dubbed GAIROSCOPE, the attack leverages advanced installed malware and smartphone located in the proximity of the system.
• The malware installed in the system generates ultrasonic tones detectable by the microelectromechanical system (MEMS) gyroscope that is standard in many smartphones. 
• This would allow attackers to gather sensitive data, including passwords and encryption keys, and later encode it using frequency-shift keying.  

LEDs attached to NIC devices also pose a threat

• In another attack method demonstrated recently, researchers revealed that LEDs of integrated Network Interface Controller (NIC) of air-gapped devices can be exploited to exfiltrate data.
• The devices include PCs, servers, printers, network cameras, and embedded controllers.
• Named ETHERLED, the attack scenario involves gaining access to targeted devices via social engineering, malicious insiders, or a supply chain attack. This can allow threat actors to plant malware to collect sensitive data and use a covert channel to exfiltrate it.  
• To transmit the data, the attacker can use several types of modulation, including on-off keying (OOK), blink frequency, and color modulation. 

USB-borne threats are on the rise

• USB-borne malware is being leveraged in a large number of cyberattack campaigns against industrial targets.
• Honeywell noted that USB storage drivers can be used to infect systems with malware or compromise sensitive information. Ultimately, this can lead to the compromise of hardware and software used for critical operations.

The bottom line