Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label smartwatch data exfiltration. Show all posts
ultrasonic signal attack
air-gapped systems covert malware attack Cyber Attacks Cybersecurity SmartAttack smartwatch data exfiltration ultrasonic signal attack

‘SmartAttack’: New Covert Threat Uses Smartwatches to Steal Data from Air-Gapped Systems via Ultrasound

 

A new cybersecurity threat dubbed "SmartAttack" demonstrates how smartwatches can covertly capture ultrasonic signals to extract sensitive data from air-gapped computers—systems traditionally considered highly secure due to their physical isolation from external networks.

Air-gapped environments are widely used in sensitive sectors such as defense, government, and nuclear power facilities to safeguard against external cyber intrusions. However, researchers have long warned that insider threats or state-sponsored supply chain attacks can bypass this isolation, allowing malware to operate silently.

Once a device is compromised, malware can manipulate physical components like speakers, screens, and cables to transmit confidential information to nearby receivers—without affecting the machine’s core operations.

“SmartAttack was devised by Israeli university researchers led by Mordechai Guri, a specialist in the field of covert attack channels who previously presented methods to leak data using LCD screen noise, RAM modulation, network card LEDs, USB drive RF signals, SATA cables, and power supplies.”

In SmartAttack, once malware is present on an air-gapped machine, it collects sensitive data—such as keystrokes, credentials, and encryption keys—and emits ultrasonic signals through the computer’s built-in speakers using binary frequency shift keying (B-FSK). These sound waves, though inaudible to humans, can be picked up by a smartwatch microphone worn by someone nearby.

The smartwatch, running a custom sound monitoring app, detects frequency shifts and demodulates the data. From there, information can be relayed using Wi-Fi, Bluetooth, or cellular networks, either intentionally by a rogue insider or unknowingly by the wearer.

Despite its innovation, the attack comes with constraints. Smartwatch microphones have lower signal-to-noise ratios than phones, making it difficult to decode signals accurately. The orientation of the wrist, speaker type, and physical distance (6–9 meters max) further affect performance. The data transfer rate ranges from 5 to 50 bits per second, with higher rates reducing reliability.

To mitigate this threat, the researchers suggest banning wearable devices like smartwatches in sensitive areas. Removing built-in speakers from secure computers could also neutralize acoustic exfiltration channels entirely. Additional safeguards include ultrasonic jamming, software firewalls, and audio-gapping.

While SmartAttack may sound like science fiction, it highlights the growing sophistication of covert cyberattacks, especially in environments where security is assumed to be airtight.
Read more »
Subscribe to: Posts (Atom)