An academic researcher from the Ben-Gurion University of the Negev has devised a new technique that relies on smartwatches and ultrasonic covert communication to exfiltrate data from air-gapped systems.
Designed to protect sensitive information, air-gapped systems are disconnected from the network, thus preventing data exfiltration through methods that require internet connectivity.
However, various covert communication channels can be used to steal data from these systems, and smartwatches, which are frequently present in high-security environments and can be abused as covert communication receivers, create a data exfiltration avenue, Ben-Gurion researcher Mordechai Guri says.
Called SmartAttack, the technique proposed by Guri utilizes a smartwatch’s built-in microphone to capture covert ultrasonic signals within range of 18–22 kHz, successfully enabling data theft based on certain environmental conditions.
The attack, however, assumes that the attacker has already infiltrated the air-gapped system and implanted malware that operates stealthily, transmitting information using the infected machine’s speakers in a frequency range that makes sounds inaudible to humans.
Furthermore, the attacker also needs to compromise the smartwatch of an individual with access to the secured environment, and implant malware capable of receiving the covert ultrasonic communication, decoding it, reconstructing it, and forwarding it to the attacker.
“The malware on the compromised computer is responsible for gathering sensitive information such as keystrokes (keylogging), encryption keys, biometric data, or user credentials,” the researcher notes.
“This information is then modulated onto ultrasonic signals in the inaudible frequency range (18 kHz and above). Using the computer’s speakers, the malware transmits these covert signals, leveraging ultrasonic propagation to evade human detection,” he continues.
The compromised smartwatch, the researcher explains, scans for covert ultrasonic signals to detect transmissions. After reconstructing the stolen information, it sends the data to the attacker using available communication methods, such as Bluetooth, Wi-Fi, or cellular networks.
“Smartwatches possess several technological features that enable them to receive ultrasonic signals effectively. One key component facilitating this capability is the presence of high-sensitivity microphones capable of capturing frequencies beyond the human hearing range,” Guri explains.
To test the effectiveness of the technique, the researcher used a Wear OS smartwatch with optimized signal processing capabilities to reduce noise and enhance the signal. The smartwatch’s orientation, body occlusion, and distance, Guri says, have a high impact on signal reception.
According to the researcher, SmartAttack can be used to transmit data through ultrasonic signals in the 18–22 kHz frequency range over distances of more than 6 meters, with data rates of up to 50 bits per second.
Possible mitigations, he says, include prohibiting smartwatches and similar audio-capable wearables in secure environments, deploying ultrasonic monitoring systems to identify unauthorized transmissions, deploying ultrasonic jammers, integrating ultrasonic firewalls within computers, and physically removing or disabling audio hardware components in air-gapped and highly secure environments.
Related: New RAMBO Attack Allows Air-Gapped Data Theft via RAM Radio Signals
Related: LF Electromagnetic Radiation Used for Stealthy Data Theft From Air-Gapped Systems
Related: Ethernet LEDs Can Be Used to Exfiltrate Data From Air-Gapped Systems
