In a startling development that sounds straight out of a spy thriller, cybersecurity experts have unveiled a cutting-edge threat called “SmartAttack,” a novel cyberattack technique using smartwatches to breach air-gapped systems, typically considered impenetrable because they are physically isolated from any network.
SmartAttack is a novel data exfiltration technique developed by Dr. Mordechai Guri of Ben-Gurion University of Negev, known for its strong cybersecurity research. It demonstrates a side-channel technique that uses the inertial measurement unit (IMU), specifically the accelerometer and gyroscope (both sensors) found in a smartwatch.
What is SmartAttack?
Air-gapped Systems
To understand how SmartAttack works, we must first understand the concept of “air-gapped” systems. An air-gapped system is a security measure that involves isolating a computer or network and preventing it from establishing any external connection.
There is a complete physical or logical separation between the secured system and any unsecured network like the internet or other internal networks. Physical separation entails no connections to Ethernet cables, Wi-Fi, Bluetooth, or LAN. Logical separation involves the use of strong firewalls, strict access controls, and network segmentation.
Air-gapped systems cannot be accessed remotely, which significantly reduces the risk of cyberattacks, malware infections, and data breaches that rely on network connectivity. Transfer of data is done manually and offline through the aid of carefully scanned removable media like USB drives, external hard drives, or magnetic tapes.
Air-gapped systems are primarily used in government and military systems, nuclear facilities, industrial control systems, financial institutions, and sensitive research materials and to create backups for disaster recovery.
How SmartAttack Works
SmartAttack leverages electromagnetic (EM), optical, thermal, and acoustic (sound) channels for data exfiltration. A more effective method, however, according to Mordechai’s research, is via ultrasonic channels.
The use of ultrasonic channels during data exfiltration is largely preferred due to its stealth and the availability of microphones and speakers present in almost all modern devices. This method requires a transmitter (PC or laptop with a speaker) and a receiver (a device with audio recording capabilities) to capture the signals.
The transmitter gives off ultrasonic sound at 18 kHz and above that is inaudible to humans and can be encoded with sensitive data like keystrokes, encryption keys, credentials, or confidential documents to covertly transmit them to the receiver without suspicion.
The first step involves a breach in the air-gapped system through an insider threat, supply chain attacks, or a corrupted removable media that introduces malware into the system. Once this is done, the exfiltrated data is converted into high-frequency ultrasonic signals, which are then transmitted through a receiver like the compromised PC speaker or smartwatch.
A compromised smartwatch of a person with access to the secure environment serves as a silent data vacuum. With the aid of its built-in microphone, capable of picking up frequencies at 18-22 kHz, the encoded signals are captured, demodulated and decoded, and then sent through the smartwatch’s own Wi-Fi, Bluetooth, or cellular network system.
Implications for High-Security Environments
The research carried out by Mordechai on SmartAttack has highlighted a dangerous blind spot in critical infrastructure security. Air-gapped environments that seemed indestructible from wireless leaks and cyberattacks due to their offline nature no longer seem secure.
Smartwatches have rapidly become a part of everyday wearables and never attract any suspicion, which makes them a dangerous medium for SmartAttack. This discovery begs for a rethink on policies that allow employees to bring their devices into sensitive areas.
“The belief that an air-gapped computer is 100% secure is becoming obsolete,” said Dr. Mordechi Guri, lead researcher and head of the Cyber-Security Research Center at Ben-Gurion University. “Smartwatch sensors have become powerful enough to function as espionage tools, especially when worn by trusted insiders.”
