Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

New Air Gap-Jumping Attack Uses Ultrasonic Tones and Smartphone Gyroscope

A researcher from the Ben-Gurion University of the Negev in Israel has shown how a threat actor could stealthily exfiltrate data from air-gapped computers using ultrasonic tones and smartphone gyroscopes.

A researcher from the Ben-Gurion University of the Negev in Israel has shown how a threat actor could stealthily exfiltrate data from air-gapped computers using ultrasonic tones and smartphone gyroscopes.

The attack method, named GAIROSCOPE, assumes that the attacker has somehow managed to plant malware on the air-gapped computer from which they want to steal data, as well as on a smartphone that is likely to go near the isolated device.

According to researcher Mordechai Guri, the malware that is on the air-gapped computer can transmit ultrasonic tones using the device’s loudspeakers. These tones are inaudible and on a frequency that is picked up by a gyroscope.

Gairoscope attack setup

Gyroscope sensors in smartphones determine the direction of the device and they enable users to perform various actions by tilting the phone. This includes automatically rotating the screen and moving characters or objects in a game. Unlike the microphone, which is more difficult to access by a malicious application, a phone’s gyroscope can be accessed by iOS and Android malware that does not have as many permissions.

The malware that is on the isolated device collects valuable data such as passwords and encryption keys, and encodes it using audio frequency-shift keying, where one specified frequency represents a ‘0’ bit and a different frequency represents a ‘1’ bit. The malware uses the device’s speakers to transmit inaudible sounds at those frequencies.

On the phone side of the attack, the infected device’s gyroscope picks up those tones when it’s near the air-gapped computer. The method leverages previous research that showed how gyroscopes are vulnerable to acoustic attacks.

The hacker’s mobile malware continuously samples and processes the gyroscope sensor output. When it detects an exfiltration attempt — a specific bit sequence is used to signal the start of data transmission — it demodulates and decodes the data. The exfiltrated data can then be forwarded to the attacker using the phone’s internet connection.

Experiments conducted by Guri showed that the GAIROSCOPE method allows for a maximum data transmission rate of 8 bits/sec over a distance of up to 8 meters (26 feet).

This is not the only air gap-jumping attack method presented by Guri this week. He has also published a paper demonstrating how hackers could silently exfiltrate data from isolated systems using the LEDs of various types of networked devices.

In the past years, researchers from the Ben-Gurion University of the Negev have demonstrated several methods for covertly exfiltrating data from air-gapped networks, including by using RAM-generated Wi-Fi signals, fan vibrationsheat emissions, HDD LEDs, infrared cameras, magnetic fields, power lines, router LEDs, scanners, screen brightness, USB devices, and noise from hard drives and fans.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...