Abstract
Table 1. Functional components of an implant and example instantiations

  Component            Example instantiations
  Secret collection    Microphone, camera, side-channel probe
  Secret exfiltration  RF backscatter, acoustical coupling, this work
  Power supply         Passive power, battery
Introduction
An increasing number of people are finding themselves branded as intelligence targets. Intelligence targets are entities which are of interest to state-sponsored signals intelligence agencies, or similarly powerful malicious adversaries. These adversaries presume their victims are in possession of some secret information, and attempt to acquire this information using various stealthy techniques. Most intelligence targets are tracked by huge-scale, bulk collection efforts which target the Internet's routing backbone and data centers; for higher-value targets, the malicious adversaries tend to make use of custom hardware implants, or bugs.

Our work suggests a way of designing a particularly stealthy and effective implant. Before we describe our design in detail, we first describe the architecture of implants in general. As described in Table 1, an implant has three main functional components: first, it must collect secret information from its victim; next, it must exfiltrate this secret payload by connecting to a central command and control (C&C) server, an activity colloquially referred to as phoning home; finally, the implant requires some sort of power supply to power its computation and communication functions.

Secret collection can be achieved by various methods. Most trivially, an implant can use onboard sensors such as microphones or cameras to
[Figure 1: Attack overview. Implant: collect secret, modulate secret. Victim phone: exfiltrate secret.]

1.1 Our contribution

In this work we present the first experimental evidence of the disruptive effect of ultrasonic vibrations on the gyroscope sensors of mobile phones and laptops. Specifically, we show how a specially

Gyroscopes on Personal Devices
ing their native apps together with third-party advertising libraries which load ads over the web on demand. As a consequence of the gyroscope's permission model, third-party ads of both types are always allowed to query the gyroscope.

3 Our Attack

As shown in [11], intentional acoustic vibrations can induce an undesired signal at the output of most MEMS gyroscopes through the several mechanisms we discussed in Section 2. The central point of our attack is the use of this induced signal to carry data: the implant can modulate a secret over the gyroscope channel by intentionally varying the amplitude, frequency or phase of this undesired signal over time. A program running on the mobile device can subsequently pick up this modulated signal and pass it on to the C&C server. There are two unique advantages to this exfiltration channel, in comparison to other sensor-based exfiltration schemes such as [3, 7]. The first advantage relates to the lax security model imposed on the gyroscope sensor, especially in contrast to other sensors such as the microphone or camera. This weak security makes deploying an attack based on gyroscopes very simple. In fact, as stated in Subsection 2.3, the victim merely has to browse to an unprivileged web page for the attack to succeed. The second advantage relates to the gyroscope's enhanced sensitivity at its responsive frequency. Due to this sensitivity, a relatively weak audio signal (as low as several microwatts in power, as we show in Subsection 4.1) is sufficient to trigger the phone's sensors, allowing even a small battery-powered implant to make use of this exfiltration method.

Figure 2 provides a brief demonstration of our attack, based on real lab measurements. The top of the figure shows the baseband bit sequence that the implant wishes to exfiltrate. The bit sequence is transmitted to the phone by an on-off keying modulation of the audio signal, with the frequency of the carrier wave set near the gyroscope's responsive frequency. The bottom of the figure shows the absolute values of real-time readings from the victim phone's gyroscope (an iPhone 5S in this case) as it receives the audio signal, captured using JavaScript code running within an unprivileged web page. It can be seen, even with the naked eye, that the readings from the gyroscope experience strong fluctuations when the audio signal is being sent, but are relatively quiet during other periods. Thus, the gyroscope readings contain an encoding of the transmitted bit sequence. These readings can then trivially be sent to a C&C server, providing a very effective exfiltration channel. We describe our results in more detail in the following Section.

3.1 Attack Model

Our attack assumes that the adversary has managed to place an implant in close proximity to the gyroscope sensor located in the victim's phone or mobile device, and that this implant has some secret it wishes to exfiltrate to the adversary's command and control (C&C) server. We furthermore assume that the attacker has the ability to make the victim's mobile device display a website, or otherwise run some unprivileged code. This assumption can be achieved by using one of the following methods:

- By purchasing an advertisement, containing the attacker's JavaScript code, which will then be displayed on one of the victim's favorite websites or native applications. Malicious advertisements are a well-known risk to the advertising ecosystem [14]. As we stated in 2.3, displaying an ad that interacts with the gyroscope does not require special permissions from the hosting webpage or native app.

- By inducing the user to download and install a repackaged application: an innocent-looking native application modified to include additional malicious components [15]. Note again that the additional functionality requires no extraordinary permissions, making it a good candidate for repackaging attacks.

- By replacing the contents of an innocent webpage the victim is attempting to view with an infected version containing the malicious functionality, through the use of state-actor capabilities such as man-in-the-middle or man-on-the-side attacks [5, 8].

The malicious functionality embedded into the website or the app is very simple: it queries the gyroscope as quickly as possible and uploads its readings to a central server. The implant will use intentional acoustic vibration to selectively corrupt the readings of the gyroscope as they are being read by the attacker's code, therefore modulating the secret to be exfiltrated.¹

¹ We must assume that the implant knows to start transmitting precisely when the malicious code is running on the phone. Synchronizing the implant and the code can either be done by sending a signal from the phone that is picked up by the implant's sensors, or by fixing a predetermined time of day at which the implant always transmits its payload.

3.2 Evaluation Setup

We designed and carried out an experiment to evaluate the data-bearing potential of the intentional acoustic vibration channel. The hardware setup of our experiment is indicated in Figure 3. As shown in the figure, a Keysight 33622A Waveform Generator was connected via an RG-58 coaxial cable to a PUI Audio APS2509S-T-R piezoelectric transducer, which was placed on the victim device as
close as possible to the location of the device's internal gyroscope. Figure 4 shows a photograph of the victim phone and the attached piezoelectric transducer.

[Figure 3: Evaluation setup. Signal generator, connected by coaxial cable to a piezoelectric speaker placed on the victim device; the victim device uploads gyroscope readings over a WiFi connection to the web server.]

While the PUI Audio piezoelectric transducer's data sheet states that its highest working frequency is 20 kHz, we were consistently able to use it to generate tones at frequencies of up to 30 kHz. We determined the exact responsive frequency for each device by generating a sine-sweep signal in the 25–29 kHz range, looking for anomalies in the gyroscope response, then gradually reducing the span of the sweep until we arrived at the exact responsive frequency. To determine the optimal location for the piezoelectric transducer, we referred to publicly-available tear-downs of the victim devices and attempted to locate the speaker as close to the gyroscope as possible. If tear-downs were not available, we manually moved the piezoelectric transducer across the device, while vibrating at the

The waveform generator was configured to create an on-off keying-modulated signal at its output. The carrier frequency of this output was a sine wave at a frequency close to the responsive frequency of the gyroscope of the victim device (typically between 26 kHz and 28 kHz) and an amplitude of 10 V peak-to-peak. The modulating signal was the standard pseudorandom bit-sequence (PRBS) PN7, which is created with 7 bits of state and the generating polynomial G(X) = x^7 + x^6 + x^0.

On the software side, we wrote a simple webpage that constantly queries the gyroscope using JavaScript and uploads the measurements on demand to a web server. We also wrote a native Android app which queried the gyroscope at the highest possible rate and uploaded its measurements to the same web server. The web server, which we implemented in node.js, simply time-stamped each batch of measurements and saved them to disk. Finally, we analyzed the measurements using custom scripts written in Matlab R2015a. In the analysis step, we determined the optimal phase for detection by cross-correlating the gyroscope signal with a locally-generated PN7 sequence, then applied a simple threshold-based detector to determine the values of each bit. Finally, we calculated the bit error rate by counting how many bits were incorrectly decoded by our method. As we state in Subsection 4.1, it is certainly possible to improve this modulation scheme and increase the channel's capacity while reducing its error rate.
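The receiver-side analysis just described (a locally generated PN7 reference, cross-correlation to find the phase, a threshold detector, and a bit-error count) is short enough to reproduce end to end. The following Python is an added example, not the paper's Matlab scripts or web code: it generates the 127-bit PN7 sequence from x^7 + x^6 + 1, builds a constructed |gyroscope| trace containing an on-off-keyed PN7 burst at an offset the receiver does not know, recovers the offset by cross-correlation, averages and thresholds each symbol, and reports the bit error rate. The 'on' level of 2.09 rad/s, the idle noise of 0.853 mrad/s and the 60 Hz sampling rate are the Chrome row of Table 3 in Section 3.3; the four gyroscope samples per bit, the lead-in delay and the Gaussian noise model are assumptions of the simulation. The same table values give an SNR of 20·log10(2.09/0.000853) ≈ 67.7 dB and a Shannon bound f_s·log2(1 + SNR) ≈ 1351 bps at 60 Hz, which matches the table's SNR and capacity columns; that relation is inferred from the numbers and is not stated on the page.

```python
"""PN7 on-off keying over a gyroscope trace: timing recovery, detection, BER.

Added example, not the paper's own analysis scripts. Channel levels come from
the Chrome row of Table 3; oversampling, lead-in delay and the Gaussian noise
model are assumptions of this simulation.
"""
import math
import random

ON_LEVEL = 2.09          # |rotation rate| while the carrier is on, rad/s (Table 3, Chrome row)
NOISE_RMS = 0.853e-3     # idle gyroscope noise, rad/s (Table 3, Chrome row)
SAMPLE_RATE = 60         # gyroscope samples per second reachable from Chrome (Table 3)
SAMPLES_PER_BIT = 4      # assumed: one OOK symbol spans four gyroscope samples


def pn7_sequence():
    """One 127-bit period of PN7 from the Fibonacci LFSR with taps x^7 and x^6."""
    state = 0x7F                                     # any non-zero 7-bit seed
    bits = []
    for _ in range(127):
        bits.append((state >> 6) & 1)                # output the oldest stage
        feedback = ((state >> 6) ^ (state >> 5)) & 1  # x^7 + x^6 + 1
        state = ((state << 1) | feedback) & 0x7F
    return bits


def expand(bits, spb):
    """Hold every bit for `spb` gyroscope samples (rectangular OOK symbols)."""
    return [b for b in bits for _ in range(spb)]


def simulate_trace(bits, spb, lead_in, noise_rms, rng):
    """Constructed |gyro| trace: idle lead-in, OOK burst of `bits`, idle tail."""
    burst = expand(bits, spb)
    trace = []
    for i in range(lead_in + len(burst) + spb):
        on = burst[i - lead_in] if lead_in <= i < lead_in + len(burst) else 0
        trace.append(abs(on * ON_LEVEL + rng.gauss(0.0, noise_rms)))
    return trace


def find_offset(trace, bits, spb):
    """Timing recovery: the lag maximising correlation with a zero-mean PN7 template.

    An m-sequence correlates sharply at the true offset and near zero at every
    other whole-bit shift, so the peak is unambiguous even with no sync word.
    """
    template = [1.0 if b else -1.0 for b in expand(bits, spb)]
    best_lag, best_score = 0, -math.inf
    for lag in range(len(trace) - len(template) + 1):
        score = sum(t * x for t, x in zip(template, trace[lag:lag + len(template)]))
        if score > best_score:
            best_lag, best_score = lag, score
    return best_lag


def threshold_detect(trace, lag, n_bits, spb):
    """Average each symbol period and slice at the midpoint of the two levels."""
    means = [sum(trace[lag + i * spb:lag + (i + 1) * spb]) / spb for i in range(n_bits)]
    thr = (max(means) + min(means)) / 2.0
    return [1 if m > thr else 0 for m in means]


def bit_error_rate(sent, received):
    return sum(s != r for s, r in zip(sent, received)) / len(sent)


def run_trial(noise_rms=NOISE_RMS, lead_in=37, seed=1, spb=SAMPLES_PER_BIT):
    """Simulate one PN7 burst and decode it; returns (recovered lag, BER)."""
    rng = random.Random(seed)
    bits = pn7_sequence()
    trace = simulate_trace(bits, spb, lead_in, noise_rms, rng)
    lag = find_offset(trace, bits, spb)
    return lag, bit_error_rate(bits, threshold_detect(trace, lag, len(bits), spb))


def snr_db(signal, noise):
    """Amplitude ratio in dB, the SNR column of Table 3."""
    return 20.0 * math.log10(signal / noise)


def shannon_capacity_bps(sample_rate, signal, noise):
    """Shannon bound f_s * log2(1 + SNR), SNR as the squared amplitude ratio.

    Reproduces the capacity column of Table 3 (relation inferred from its numbers).
    """
    return sample_rate * math.log2(1.0 + (signal / noise) ** 2)


if __name__ == "__main__":
    lag, ber = run_trial()
    print(f"clean channel: burst found at sample {lag}, BER {ber:.3f}")
    print(f"SNR {snr_db(ON_LEVEL, NOISE_RMS):.1f} dB, Shannon bound "
          f"{shannon_capacity_bps(SAMPLE_RATE, ON_LEVEL, NOISE_RMS):.0f} bps at {SAMPLE_RATE} Hz")
    lag, ber = run_trial(noise_rms=1.5)
    print(f"noisy channel (1.5 rad/s rms): BER {ber:.3f}")
```

With the table's noise level the detector finds the burst and decodes all 127 bits; raising `noise_rms` towards the 'on' level shows the midpoint threshold starting to fail, which is the regime where the improved modulation scheme the text defers to Subsection 4.1 would matter. Note that the Shannon bound scales linearly with the sampling rate but only logarithmically with SNR, so the 60/100/200 Hz rates of Table 3 dominate the capacity column, not the small SNR differences between environments.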
Table 2. Evaluated devices (columns: device name, gyroscope hardware, software environment, maximum sampling rate)

  Apple iPhone 5s          Unknown (STMicroelectronics?)
  Samsung Galaxy S5        Invensense MP65M
  Microsoft Surface Pro 3  Unknown (Bosch Sensortec?)
  Maximum sampling rates listed: 60 Hz, 60 Hz, 200 Hz, 60 Hz
3.3 Evaluation Results

Table 3. Measured channel parameters per software environment

  Sampling rate (Hz)  Software  Signal (rad/s)  Noise (mrad/s)  SNR (dB)  Capacity (bps)
  60                  Chrome    2.09            0.853           67.7      1351
  100                 Firefox   112             53              66.4      2209
  200                 Native    2.17            0.92            67.4      4481

Discussion

Countermeasures

Responsible Disclosure

Related Work
Several existing works have explored the susceptibility of gyroscope sensors to external noise and their potential use for malicious intent. Son et al. [11] demonstrated how intentional acoustic vibrations can corrupt the gyroscope readings in a remote-control drone, causing it to crash. The au-

The very features of the gyroscope communications channel which make it so desirable for malicious adversaries, namely its ubiquity, its minimal power requirement, and its stealthiness, make it ideal for beneficial uses, most immediately for
Conclusion
In this work we demonstrated and evaluated a low-cost exfiltration method based on intentional acoustic vibration. This method allows an implant to take advantage of the gyroscope sensor of an adjacent mobile device to exfiltrate secrets to a command and control center. This method has the potential of reducing the operational risk involved in operating implants, a fact that may dramatically expand their use by malicious state agencies. Security-conscious users should not allow questionable accessories, such as phone cases, to be in close physical contact with their phones.
References

[1] Appelbaum, J., Gibson, A., Guarnieri, C., Müller-Maguhn, A., Poitras, L., Rosenbach, M., Ryge, L., Schmundt, H., and Sontheimer, M. The digital arms race: NSA preps America for future battle. Der Spiegel 1, 17 (Jan 2015).

[2] Chromium Security Team. Deprecating powerful features on insecure origins. Online at https://www.chromium.org/Home/chromium-security/deprecating-powerful-features-on-insecure-origins.

[3] Deshotels, L. Inaudible sound as a covert channel in mobile devices. In 8th USENIX Workshop on Offensive Technologies, WOOT '14, San Diego, CA, USA, August 19, 2014 (2014), S. Bratus and F. F. X. Lindner, Eds., USENIX Association.

[4] Genkin, D., Pachmanov, L., Pipman, I., Tromer, E., and Yarom, Y. ECDSA key extraction from mobile devices via nonintrusive physical side channels. IACR Cryptology ePrint Archive 2016 (2016), 230.

[5] Haagsma, L. Deep dive into QUANTUM INSERT. Online at https://blog.fox-it.com/2015/04/20/deep-dive-into-quantum-insert/.

[6] Hanspach, M., and Goetz, M. On covert acoustical mesh networks in air. JCM 8, 11 (2013), 758–767.

and Application Security and Privacy, CODASPY 2012, San Antonio, TX, USA, February 7-9, 2012 (2012), E. Bertino and R. S. Sandhu, Eds., ACM, pp. 317–326.