Air-gapped computer systems may be susceptible to data theft or cyberattacks through the use of smartwatches, and the plausibility of this scenario raises intriguing questions.
Hacking Alert: Smartwatches may become the newest weapon in cyber attacks against air-gapped systems
Get ready for a high-tech twist on a spy movie plot. Researchers from Ben-Gurion University have introduced an innovative method of data exfiltration from air-gapped systems using smartwatches, and it's dripping with intrigue.
Dubbed "SmartAttack," this stealthy strategy relies on ultrasonic signals, inaudible to human ears, transmitted from an infected computer to a compromised smartwatch. The smartwatch, in turn, sends the stolen data back to the attacker, all while mimicking human interactions.
The intricate dance of malware and wearable tech
The ultrasonic signals, operating between 18 and 22 kHz, can transmit sensitive data such as keystrokes and biometric information at up to 50 bits per second, even from six meters away. But before the dance can start, several preconditions must be met.
Firstly, the air-gapped system must be infected with malware, a feat that can be achieved through supply chain attacks, insider threats, or infected removable media. Once established, the malware quietly gathers sensitive data and encodes it into ultrasonic audio signals.
On the receiving end, the smartwatch must be within the right range and orientation to pick up the ultrasonic transmissions. Because a smartwatch worn on the wrist moves unpredictably, reception can be unreliable.
Once captured, the smartwatch uses its Wi-Fi, Bluetooth, or even email connectivity features to send the data back to the attacker. All of this may be possible in a controlled environment, but in the real world, implementation would be significantly more challenging.
Despite the paper's theoretical nature, it raises vital questions about current cybersecurity tools' ability to identify and counter such indirect and unconventional threats.
In an increasingly interconnected world, conventional cybersecurity solutions might be outmatched by stealthy and creative attacks like SmartAttack.
Organizations that rely on air-gapped networks to safeguard sensitive information might need more robust defensive measures, such as ultrasonic jamming, real-time signal monitoring, and even ultrasonic firewalls.
However, integrating such advanced measures may not be possible in resource-constrained environments. Ultimately, as with many academic demonstrations, the real-world threat posed by SmartAttack is more about potential than probability.
Do not underestimate the power of smartwatches as covert data exfiltration tools. The development of user-friendly and resource-light cybersecurity solutions capable of monitoring and disrupting unconventional data exfiltration methods like SmartAttack is crucial in ensuring the security of air-gapped networks.
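The real-time signal monitoring mentioned above can start with something as simple as watching a room microphone for sustained energy in the 18 to 22 kHz band. The Python below is an added example, not code from the researchers or the original article; the 48 kHz capture rate, frame size, threshold and the constructed sample signal are assumptions chosen for illustration.

```python
import math

SAMPLE_RATE = 48_000      # Hz; assumed capture rate, above 2 x 22 kHz
BAND = (18_000, 22_000)   # ultrasonic band cited in the article
FRAME = 480               # 10 ms frames, so analysis bins are 100 Hz apart

def goertzel_power(frame, freq):
    """Normalised power of one frequency bin (Goertzel single-bin DFT)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(frame) ** 2

def scan(samples, threshold=1e-4, min_frames=3):
    """Return (start_seconds, peak_hz) for each run of at least min_frames
    consecutive frames with an in-band component above threshold.
    The default threshold (assumed) equals a tone at 2% of full scale."""
    probes = range(BAND[0], BAND[1] + 1, SAMPLE_RATE // FRAME)
    alerts, run = [], []
    for i in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[i:i + FRAME]
        power, freq = max((goertzel_power(frame, f), f) for f in probes)
        if power >= threshold:
            run.append((i / SAMPLE_RATE, freq))
            continue
        if len(run) >= min_frames:   # shorter bursts (clicks) are ignored
            alerts.append(run[0])
        run = []
    if len(run) >= min_frames:
        alerts.append(run[0])
    return alerts

def tone(freq, seconds, amp):
    """Sine wave used only to build the constructed sample input."""
    n = round(seconds * SAMPLE_RATE)
    return [amp * math.sin(2 * math.pi * freq * k / SAMPLE_RATE) for k in range(n)]

def sample_capture():
    """Constructed input: 0.2 s of a 1 kHz audible tone, with a quiet
    19 kHz carrier mixed in for the second half."""
    audible = tone(1_000, 0.2, 0.5)
    carrier = [0.0] * round(0.1 * SAMPLE_RATE) + tone(19_000, 0.1, 0.05)
    return [a + c for a, c in zip(audible, carrier)]

if __name__ == "__main__":
    for start, hz in scan(sample_capture()):
        print(f"ultrasonic energy from {start:.2f} s, peak near {hz} Hz")
```

The check is modulation-agnostic: it flags any sustained in-band energy, so a deployment would need a per-room baseline to account for benign ultrasonic sources.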
Audio from the infected laptop could potentially be intercepted by the smartwatch at ultrasonic frequencies, making the watch a possible conduit for stolen data. The stealthy strategy of SmartAttack therefore extends cybersecurity threats beyond the traditional realm of laptops and desktops.