Researchers from Ben-Gurion University in Israel have discovered a novel method for data theft from air-gapped computers using smartwatches. According to NotebookCheck, the cyber attack method known as SmartAttack enables the transmission of confidential information via ultrasonic signals—frequencies in the range of 18 to 22 kHz, inaudible to the human ear.
The essence of the attack lies in the infected computer encoding data into an ultrasonic signal, which is then transmitted to the microphone of a smartwatch. The device subsequently sends the data over Wi-Fi or Bluetooth, bypassing the physical isolation of the computer. Since smartphones are often banned in secure areas, and smartwatches are less regulated and typically worn on the user's wrist, their use proves practical for such attacks.
During experiments, information was successfully transmitted up to 6 meters away at a rate of 50 bits per second. Although the method requires both the infection of the computer and the physical presence of the smartwatch, researchers warn that the risks are severe for organizations relying on physical isolation as their main line of defense.
This research calls for a reevaluation of policies regarding wearable devices in high-security areas.
