Don't Look Up: Ubiquitous Data Exfiltration Pathways in Commercial Spaces
Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:ZSWM3PTOrecord.jsonopen to challenge →
read the original abstract
We show that as a side effect of building code requirements, almost all commercial buildings today are vulnerable to a novel data exfiltration attack, even if they are air-gapped and secured against traditional attacks. The new attack uses vibrations from an inconspicuous transmitter to send data across the building's physical infrastructure to a receiver. Our analysis and experiments with several large real-world buildings show a single-frequency bit rate of 300Kbps, which is sufficient to transmit ordinary files, real-time MP3-quality audio, or periodic high-quality still photos. The attacker can use multiple channels to transmit, for example, real-time MP4-quality video. We discuss the difficulty of detecting the attack and the viability of various potential countermeasures.
This paper has not been read by Pith yet.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.