University researchers tout using smartwatches to steal data from air-gapped systems — SmartAttack paper proposes using wearable as a covert ultrasonic signal receiver
The attack sounds unbelievably hard to pull off.
A new theoretical air-gap attack dubbed SmartAttack has been cooked up by researchers at the Ben-Gurion University of the NegevBeer Sheva, Israel, proposing that smartwatches could be leveraged as receivers for ultra-sonic covert communication in air-gapped systems, highlighting an emerging threat to the networks.
As per the paper, air-gapped systems are generally considered secure due to their physical isolation from external networks, a measure used to prevent unauthorized access and cyberattacks. Air-gapped systems take different forms, including actual physical isolation or 'logical' isolation, where the segregation is implemented using other means such as encryption.
The paper, authored by Mordechai Guri, PhD (Head of Offensive-Cyber Research Lab), focuses on the former physical implementation of air-gap security. He describes smartwatches as "an underexplored yet effective attack vector," and in the paper proposes a new method that uses smartwatches as a receiver for ultrasonic covert communication in air-gapped environments.
According to the abstract, the method uses the built-in microphone of a smartwatch to capture covert signals in real time, specifically ultrasonic frequencies ranging from 18 to 22 kHz. According to the paper, extensive experimentation demonstrates that the attack can successfully transmit data over distances up to and possibly beyond 6 meters, with data transfer rates of 50 bits per second.
Despite the theoretical threat, any such attack would be enormously difficult to pull off. An adversary would still need to infiltrate the secured network and implant malware; to that end, the research cites previous incidents where air-gap networks have been compromised by supply chain attacks, insider threats, or infected removable media.
Implanted malware would remain dormant or operate stealthily, gathering sensitive information such as keystrokes, encryption keys, biometric data, or user credentials. The information is then modulated onto ultrasonic signals, broadcast at an inaudible frequency via the computer's speakers so as to evade human detection.
The more you read the paper, the more it starts to sound like a discarded Mission: Impossible plot. That's because the attack also requires a compromised smartwatch belonging to an employee or visitor with access to the secure environment. The paper envisions using extensive smartwatch connectivity options, including Wi-Fi, Bluetooth, NFC, or even email, to achieve this.
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Once compromised, the smartwatch malware monitors its environment for incoming ultrasonic signals using its microphone. Even with malware in place on both the air-gapped network and the requisite smartwatch, ultrasonic data exfiltration is limited by factors such as position, signal reception, and strength, notably because a smartwatch is worn on the wrist and as such tends to move more or less constantly.
Despite the exceedingly high barriers to pulling off such an attack, the paper takes the threat seriously enough to propose mitigations. Obvious measures include prohibiting the use of smartwatches and similarly capable audio devices in air-gapped network environments, while other more sophisticated measures extend to deploying ultrasonic monitoring systems, using ultrasonic jamming, and even integrating ultrasonic firewalls within computers used in such networks.
Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
Stephen is Tom's Hardware's News Editor with almost a decade of industry experience covering technology, having worked at TechRadar, iMore, and even Apple over the years. He has covered the world of consumer tech from nearly every angle, including supply chain rumors, patents, and litigation, and more. When he's not at work, he loves reading about history and playing video games.
-
chaz_music This makes me think of a similar research finding a few years ago that used the EMI signature of DRAM. I think they set the DRAM clock to 2.4GHz (WiFi lower band) and made precise DRAM reads to create modulated RF. The signal was readable by a WiFi system across the room but I don't remember how far they were able to get.Reply -
kanewolf High security areas don't allow smartwatches. Been there, done that. Leave your smartwatch with your phone OUTSIDE the area.Reply -
Konomi Reply
Easier to find a gullible human that can either be bribed or just doesn't know what they're doing. Is how trade secrets are often leaked - humans are the weakness, always.Pierce2623 said:Why do we get so many articles about threats that aren’t threats? -
edzieba Audio based exfil for airgapped systems is not in the slightest bit new. The smartwatch bit is a fairly quixotic twist: any environment that demands you remove your smartphone before entering will apply the same rule to smartwatches, and if there are no personal device controls then anyone with a smartwatch will also be carrying a smartphone too, and smartphones have a much larger attack surface to potentially compromise if you need to use an existing device to exfil rather than inserting a dedicated device (for audio exfil, that would be any compact audio recorder).Reply