University researchers tout using smartwatches to steal data from air-gapped systems — SmartAttack paper proposes using wearable as a covert ultrasonic signal receiver
The attack sounds unbelievably hard to pull off.

A new theoretical air-gap attack dubbed SmartAttack has been cooked up by researchers at the Ben-Gurion University of the Negev, Beer Sheva, Israel, proposing that smartwatches could be leveraged as receivers for ultrasonic covert communication in air-gapped systems, highlighting an emerging threat to these networks.
As per the paper, air-gapped systems are generally considered secure due to their physical isolation from external networks, a measure used to prevent unauthorized access and cyberattacks. Air-gapped systems take different forms, including actual physical isolation or 'logical' isolation, where the segregation is implemented using other means such as encryption.
The paper, authored by Mordechai Guri, PhD (Head of Offensive-Cyber Research Lab), focuses on the former physical implementation of air-gap security. He describes smartwatches as "an underexplored yet effective attack vector," and in the paper proposes a new method that uses smartwatches as a receiver for ultrasonic covert communication in air-gapped environments.
According to the abstract, the method uses the built-in microphone of a smartwatch to capture covert signals in real time, specifically ultrasonic frequencies ranging from 18 to 22 kHz. According to the paper, extensive experimentation demonstrates that the attack can successfully transmit data over distances up to and possibly beyond 6 meters, with data transfer rates of 50 bits per second.
Despite the theoretical threat, any such attack would be enormously difficult to pull off. An adversary would still need to infiltrate the secured network and implant malware; to that end, the research cites previous incidents where air-gap networks have been compromised by supply chain attacks, insider threats, or infected removable media.
Implanted malware would remain dormant or operate stealthily, gathering sensitive information such as keystrokes, encryption keys, biometric data, or user credentials. The information is then modulated onto ultrasonic signals, broadcast at an inaudible frequency via the computer's speakers so as to evade human detection.
The more you read the paper, the more it starts to sound like a discarded Mission: Impossible plot. That's because the attack also requires a compromised smartwatch belonging to an employee or visitor with access to the secure environment. The paper envisions using extensive smartwatch connectivity options, including Wi-Fi, Bluetooth, NFC, or even email, to achieve this.
Once compromised, the smartwatch malware monitors its environment for incoming ultrasonic signals using its microphone. Even with malware in place on both the air-gapped network and the requisite smartwatch, ultrasonic data exfiltration is limited by factors such as position, signal reception, and strength, notably because a smartwatch is worn on the wrist and as such tends to move more or less constantly.
Despite the exceedingly high barriers to pulling off such an attack, the paper takes the threat seriously enough to propose mitigations. Obvious measures include prohibiting the use of smartwatches and similarly capable audio devices in air-gapped network environments, while other more sophisticated measures extend to deploying ultrasonic monitoring systems, using ultrasonic jamming, and even integrating ultrasonic firewalls within computers used in such networks.
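One way an ultrasonic monitoring check of the kind mentioned above could work, as an added example that is not code from the paper or the article: it measures how much of each audio frame's energy falls in the 18 to 22 kHz band and reports sustained activity. The 48 kHz sample rate, 10 ms frame, threshold values and the test audio are assumptions constructed for illustration.

```python
import math

SAMPLE_RATE = 48_000      # assumed capture rate; must exceed 44 kHz to represent 22 kHz
BAND = (18_000, 22_000)   # ultrasonic range reported in the article
FRAME = 480               # 10 ms analysis frame -> DFT bins spaced 100 Hz apart
BIN_HZ = SAMPLE_RATE // FRAME

def goertzel_power(frame, freq):
    """|X(f)|^2 of one frame at a bin-aligned frequency (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def band_fraction(frame):
    """Share of the frame's energy that lies inside BAND (0.0 to 1.0)."""
    total = sum(x * x for x in frame)
    if total == 0.0:
        return 0.0
    in_band = sum(goertzel_power(frame, f) for f in range(BAND[0], BAND[1] + 1, BIN_HZ))
    return min(1.0, 2.0 * in_band / len(frame) / total)

def detect(samples, threshold=0.2, min_frames=5):
    """Return (start_s, end_s) spans where in-band energy stays above threshold."""
    spans, start, n = [], None, len(samples) // FRAME
    for i in range(n + 1):            # one extra pass closes a run at end of capture
        hot = i < n and band_fraction(samples[i * FRAME:(i + 1) * FRAME]) >= threshold
        if hot and start is None:
            start = i
        elif not hot and start is not None:
            if i - start >= min_frames:   # ignore clicks and other brief transients
                spans.append((start * FRAME / SAMPLE_RATE, i * FRAME / SAMPLE_RATE))
            start = None
    return spans

def make_capture(tone_frames, lead=10, tail=10):
    """Constructed test audio: 400 Hz + 1 kHz room tones, 19 kHz tone in the middle."""
    out = []
    for n in range((lead + tone_frames + tail) * FRAME):
        t = n / SAMPLE_RATE
        x = 0.3 * math.sin(2 * math.pi * 400 * t) + 0.2 * math.sin(2 * math.pi * 1000 * t)
        if lead * FRAME <= n < (lead + tone_frames) * FRAME:
            x += 0.25 * math.sin(2 * math.pi * 19_000 * t)
        out.append(x)
    return out

if __name__ == "__main__":
    print(detect(make_capture(tone_frames=20)))
```

In a real deployment the threshold would be calibrated against the room's measured ultrasonic baseline, since some equipment emits in this band legitimately.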

Stephen is Tom's Hardware's News Editor with almost a decade of industry experience covering technology, having worked at TechRadar, iMore, and even Apple over the years. He has covered the world of consumer tech from nearly every angle, including supply chain rumors, patents, and litigation, and more. When he's not at work, he loves reading about history and playing video games.
chaz_music This makes me think of a similar research finding a few years ago that used the EMI signature of DRAM. I think they set the DRAM clock to 2.4GHz (WiFi lower band) and made precise DRAM reads to create modulated RF. The signal was readable by a WiFi system across the room but I don't remember how far they were able to get.
kanewolf High security areas don't allow smartwatches. Been there, done that. Leave your smartwatch with your phone OUTSIDE the area.
Konomi
Easier to find a gullible human that can either be bribed or just doesn't know what they're doing. Is how trade secrets are often leaked - humans are the weakness, always.
Pierce2623 said: Why do we get so many articles about threats that aren't threats?
edzieba Audio based exfil for airgapped systems is not in the slightest bit new. The smartwatch bit is a fairly quixotic twist: any environment that demands you remove your smartphone before entering will apply the same rule to smartwatches, and if there are no personal device controls then anyone with a smartwatch will also be carrying a smartphone too, and smartphones have a much larger attack surface to potentially compromise if you need to use an existing device to exfil rather than inserting a dedicated device (for audio exfil, that would be any compact audio recorder).