Air gapping – not as secure as you think – enter Gairoscope and EtherLED

I have reported on other air gap exploits by Mordechai Guri, from Ben-Gurion University in Israel – here are two more ways that the secure air gapped system can be exploited:

GAIROSCOPE: Injecting Data from Air-Gapped Computers to Nearby Gyroscopes (arxiv.org)

ETHERLED: Sending Covert Morse Signals from Air-Gapped Devices via Network Card (NIC) LEDs (arxiv.org)

Gairoscope uses a smartphone gyroscope, normally used for positional data, as a covert ultrasonic channel to exfiltrate data from an air-gapped system. Similar demonstrations used the smartphone microphone as the receiving channel, but the microphone can be difficult to access because it is usually a protected sensor. The gyroscope, by contrast, is considered a safe sensor with little protection and so can be exploited.

EtherLED exploits the flickering of the LEDs on network cards to exfiltrate data. The advantage of this attack is that it can be carried out from a distance, as long as you have line of sight to the LEDs on the card. Of course, normally these cards and LEDs are not easily seen.

Air gap isolation and security is implemented on some of the world's most secure systems (nuclear missiles for example) and many of the laboratory-demonstrated hacks require the threat actor to be close to the system they plan to access – and those systems would be behind layers of physical security, possibly including guns! So air gapping is still a viable security step if you need it.

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

Air-gapped systems used to be among the most secure IT systems – but may be not anymore… – Smart Thinking Solutions

What is an Air Gap? – Definition from Techopedia