The security researchers from Israel’s Ben Gurion University, Benyamin Farshteindiker, Nir Hasidim, Asaf Grosz and Yossi Oren from the Faculty of Engineering Sciences, have authored a research paper detailing such a gadget. In a paper released today, the security researchers noted a novel, silent and cheap method for transmitting data, such as sound recordings or location data of a target, to a spy’s server, and proof that gyroscopes remain a nice target for advanced hackers. The researchers used the peculiar feature in gyroscopes which was first discovered by Son Y. Shing and others. One of the researchers, Yossi Oren told Forbes that the $3 gadget is so small that it can be stuck in a business card or even a sticker on your PC/smartphone to escape notice. The $3 gadget will use audio signal to force a phone or tablet gyroscope to vibrate at its resonant frequency.
Once the phone is able to home into the frequency, it would be registered by code running on the target’s phone – most likely within an innocent-looking web page – that queries the gyroscope as quickly as possible, uploading its reading to a server. Once the gadget is activated, it can start recording audio and location details. It can also transmit this information at a fast rate by just activating and deactivating the gyroscope. The website code would accept those bits and turn them into something useful, like the latitude and longitude of the unsuspecting victim. The security researchers from Ben Gurion University used a an iPhone 5S, a Samsung Galaxy S5 and a Microsoft Surface Pro 3 tablet in their research paper and PoC. They were successful in tapping into the target device and received the audio signal from the implant device, the state of the gyroscope was collected and sent to an external server by JavaScript code running on a web page. The researchers have also developed a Android App for doing the same.