Don't Look Up: Ubiquitous Data Exfiltration Pathways in Commercial Spaces

06/26/2022
by   Anku Adhikari, et al.
0

We show that as a side effect of building code requirements, almost all commercial buildings today are vulnerable to a novel data exfiltration attack, even if they are air-gapped and secured against traditional attacks. The new attack uses vibrations from an inconspicuous transmitter to send data across the building's physical infrastructure to a receiver. Our analysis and experiments with several large real-world buildings show a single-frequency bit rate of 300Kbps, which is sufficient to transmit ordinary files, real-time MP3-quality audio, or periodic high-quality still photos. The attacker can use multiple channels to transmit, for example, real-time MP4-quality video. We discuss the difficulty of detecting the attack and the viability of various potential countermeasures.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset