Latest news with #SmartAttack
Jordan News
7 hours ago
- Jordan News
Security Flaw Exploits Air-Gapped Computers Using Smartwatches - Jordan News
In a groundbreaking and unconventional breach, a research team led by Mordechai Guri has unveiled a novel security vulnerability capable of leaking data from air-gapped computer systems—those physically isolated from any network—through smartwatches using inaudible ultrasonic signals. اضافة اعلان How SmartAttack Works The attack method, dubbed SmartAttack, relies on the pre-installation of malicious software on the target computer. This malware encodes sensitive data into ultrasonic signals using a modulation technique known as Binary Frequency Shift Keying (B-FSK): 18.5 kHz frequency = binary '0' 19.5 kHz frequency = binary '1' These signals are emitted through the computer's speakers and picked up by the microphones of nearby smartwatches, whether intentionally placed or previously compromised. Specialized apps on the smartwatch decode the signals into digital information, which is then transmitted externally via Wi-Fi, Bluetooth, or cellular networks once the watch wearer leaves the secure area. According to the research—set to be presented at IEEE COMPSAC 2025—the most likely entry points for such attacks include insider threats, such as disgruntled employees, or supply chain compromises that inject malware early in the device lifecycle. Why This Attack Is Unique Unlike traditional attacks that rely on network vulnerabilities, SmartAttack uses physical hardware components (speakers and smartwatch microphones) to establish a covert communication channel, rendering conventional cybersecurity systems like firewalls and intrusion detection tools ineffective. Limitations and Engineering Constraints While the concept is innovative, its real-world execution faces several challenges: Limited microphone sensitivity in smartwatches makes ultrasonic reception more susceptible to noise and interference. Effective range is constrained to 6–9 meters, and Data transfer speed is low—about 50 bits per second—making the exfiltration of large volumes of data slow and cumbersome. Signal quality depends heavily on watch orientation and line-of-sight to the computer. Despite these constraints, the attack's significance lies in debunking the myth of complete air-gap immunity, building on Guri's prior work that includes data leaks via LCD light emissions, electromagnetic noise from cables, fan vibrations, and power supply fluctuations. Recommended Countermeasures To defend against such unconventional threats, researchers advise the following: Ban smartwatches and wearable tech from high-security environments. Disable or physically disconnect speakers in air-gapped systems. Deploy ultrasonic jammers to disrupt unauthorized acoustic transmissions. Implement audio activity monitoring to flag unusual speaker behavior. Use physical acoustic insulation to block ultrasonic signal transmission. Final Thoughts Though SmartAttack remains complex and difficult to carry out at scale, it serves as a critical wake-up call for cybersecurity leaders to rethink their defense strategies. Traditional security paradigms are no longer sufficient—next-generation threats may come from hardware behaviors, not just network breaches. As air-gapped systems continue to be targeted in novel ways, a proactive, multidisciplinary approach is vital to safeguarding sensitive environments.
Yahoo
a day ago
- Science
- Yahoo
Smartwatches Can Secretly Receive Data From Air-Gapped Computers
Researchers from an Israeli university have shown a new way for hackers to steal information from PCs that are not connected to the internet, known as air-gapped systems. These computers are often used in places like government offices, military bases, and nuclear plants to keep important information safe by keeping them away from any network. The attack, called SmartAttack, needs a computer to be infected with the virus first. This can happen if someone inside the organization helps or if a device like a USB drive is used on the device. Once the computer is infected, the software collects information like passwords and other confidential messages. To send this information out, the malware uses the computer's speaker to make very high-pitched sounds that people cannot hear, according to the study posted to arXiv. These sounds are at frequencies above what humans can detect. But smartwatches, which are everywhere nowadays, can pick them up with their microphones. The smartwatches then use special software to turn these sounds back into the stolen information, as reported by Bleeping Computer. Credit: arXiv After the smartwatch receives the information, it can send it to someone outside the secure area using Wi-Fi or Bluetooth. The researchers say this method works best if the smartwatch is close to the computer and has a clear path to the speaker. The farther away the smartwatch is, or if something is blocking the speaker, the harder it is for the smartwatch to pick up the data. The team says the best way to stop this kind of attack is to not allow smartwatches in secure areas or to remove the speakers from these computers. Other ways to protect these systems include using devices that make noise at these high frequencies to block secret signal communication, or using software to turn off the computer's audio functions.
Forbes
a day ago
- Forbes
How Hackers Use A Smartwatch To Steal Highly Confidential Data
There are a myriad ways that a hacker can steal your data and compromise your systems, from automatic hacking machines, from automatic hacking machines, using your contacts as unwitting accomplices, and even analyzing PIN code usage, to name but three. But what if an attacker could steal highly confidential, top secret data from even an air-gapped network that is not connected to the internet, using a smartwatch? Security researchers at Ben-Gurion University of the Negev have demonstrated how they can do just that. Here's what you need to know about SmartAttack. Let's get the prerequisite disclaimer out of the way first, shall we? This article is based on security research of the bleeding-edge variety. As such, it examines improbable scenarios that, if exploited, could have devastating consequences for governments and corporations alike. Just because something is unlikely to occur does not mean it will not or can not. Because the attack vector involved is that of air-gapped computers, the ones that contain the most highly sensitive of all data, hence the need to separate them from all external networks, that risk, however small, must never be discounted. Here's the truth of the matter: air-gapped systems can and have been compromised by everything from malicious insiders and contractors with infected USB thumb drives to highly sophisticated supply chain attacks involving state-sponsored campaigns, as observed in the past. This is important because it shows that this type of installation is not impenetrable. However, being able to attack such a system with malicious, system-harmful intent is quite different from eavesdropping, which, by necessity, requires the attacker to exfiltrate data from the environment. Because of the physical isolation from external systems, hackers will look to use other methods to exfiltrate data. Methods such as ultrasonic communication using smartphones as a covert communication channel. Hence, smartphones are not generally allowed within the vicinity of such air-gapped systems. But what if a smartwatch could be used instead? This is where Mordechai Guri, head of the Offensive Cyber Research Lab at the Ben-Gurion University of the Negev, Israel, steps in with his SmartAttack research. This is where Mordechai Guri, head of the Offensive Cyber Research Lab at the Ben-Gurion University of the Negev, Israel, steps in with his SmartAttack research. Guri is one of the leading authorities when it comes to what you might call, and he does, in fact, call air-gap jumping research. 'Our approach utilizes the built-in microphones of smartwatches to capture covert signals in real time within the ultrasonic frequency range of 18–22 kHz,' Guri explained. The findings, Guri warned, 'highlight the security risks posed by smartwatches in high-security environments.' I highly recommend reading the complete research for the full technical details regarding SmartAttack, but the TL;DR can be summed up as an already compromised system can have data successfully exfiltrated using a sound-monitoring app on a smartwatch that receives inaudible to human frequencies from malware installed on the target computer. It doesn't even have to be the hacker's smartwatch, as any compromised employee's watch could perform the same trick. 'The smartwatch then forwards the extracted data to the attacker using available communication channels such as Wi-Fi, cellular networks, or Bluetooth tethering,' Guri said, 'effectively bypassing traditional security measures.' Guri suggested that 'restricting or prohibiting the use of smartwatches and similar audio-capable wearables in sensitive environments is a direct mitigation strategy.'
