[[{“value”:”
A sophisticated new attack method called “SmartAttack” that can breach supposedly secure air-gapped computer systems using smartwatches as covert data receivers.
The groundbreaking research demonstrates how attackers can exploit ultrasonic frequencies to exfiltrate sensitive information from isolated networks, challenging traditional assumptions about air-gapped security.
Air-gapped systems are considered the gold standard for protecting classified information, as they are physically disconnected from external networks and the internet.
However, this latest research reveals how adversaries can circumvent these protections using ubiquitous wearable devices that employees routinely bring into secure environments.
Air-Gap Bypass via Ultrasonic Smartwatches
According to cybersecurity researchers at Ben-Gurion University, the SmartAttack method operates by installing malware on both the target air-gapped computer and a victim’s smartwatch.
The compromised computer encodes stolen data using Binary Frequency Shift Keying (B-FSK) modulation, transmitting information through ultrasonic sound waves in the 18-22 kHz frequency range, completely inaudible to human ears.
The attack uses specific frequency pairs for data encoding: 18.5 kHz represents binary “0” while 19.5 kHz represents binary “1,” with each bit transmitted over a 50-millisecond symbol duration (Ts = 50 ms).
This ultrasonic communication channel can successfully transmit sensitive data, including keystrokes, encryption keys, credentials, and confidential documents, over distances exceeding six meters.
The smartwatch continuously monitors the acoustic spectrum using its built-in microphone, applying Fast Fourier Transform (FFT) algorithms to detect and decode the covert transmissions.
Once captured, the stolen data is forwarded to attackers through the smartwatch’s Wi-Fi, cellular, or Bluetooth connections, effectively bypassing the air-gap protection.
The attack’s technical sophistication lies in its signal processing implementation. The smartwatch receiver employs a Butterworth bandpass filter to isolate ultrasonic frequencies while suppressing environmental noise.
The system uses overlapping Hamming-windowed segments for accurate frequency estimation and applies Kalman filtering to compensate for Doppler shifts caused by natural wrist movement.
Experimental validation revealed that transmission rates of 5 bits per second maintain near-zero bit error rates (BER) across tested distances, while higher rates of 50 bps experience significant degradation beyond six meters.
The attack’s effectiveness varies based on smartwatch orientation, with optimal reception occurring when positioned at 180-225 degrees relative to the transmitting computer.
The researchers tested multiple transmission sources, finding that active speakers maintain the highest signal-to-noise ratio (SNR) across all distances, making them most effective for long-range ultrasonic communication.
Laptop speakers demonstrated stable performance at shorter distances but experienced SNR decline beyond six meters.
This research exposes a critical vulnerability in high-security environments where smartwatches and similar wearable devices are commonly permitted.
The attack’s stealth nature, operating through inaudible frequencies, makes detection extremely challenging without specialized monitoring equipment.
The findings highlight unique advantages smartwatches possess as attack vectors compared to smartphones. Their constant presence on users’ wrists ensures proximity to potential targets while remaining inconspicuous in security-conscious environments.
Mitigation strategies include restricting wearable devices in sensitive areas, deploying ultrasonic monitoring systems, and implementing “audio-gapping” by physically removing speakers and microphones from critical systems.
Organizations may also consider ultrasonic jamming systems, though these risk interfering with legitimate ultrasonic-dependent equipment.
Live Credential Theft Attack Unmask & Instant Defense – Free Webinar
The post New SmartAttack Steals Sensitive Data From Air-Gapped Systems via Smartwatches appeared first on Cyber Security News.
“}]]
Read More