A novel attack called βSmartAttackβ exploits smartwatches as ultrasonic receivers to covertly exfiltrate data from air-gapped systems. This technique highlights new vulnerabilities in physically isolated environments, emphasizing the need for strict device management and potential countermeasures. #SmartAttack #covertchannels
Keypoints
- SmartAttack uses ultrasonic signals emitted from compromised air-gapped computers to transmit data covertly.
- Smartwatches with microphones can detect inaudible ultrasonic frequencies used for data exfiltration.
- The attack employs frequency shift keying (B-FSK) to encode binary data within ultrasonic sound waves.
- Range of data transmission is roughly 6 to 9 meters, with a rate from 5 to 50 bits per second.
- Countermeasures include banning smartwatches in secure areas and removing in-built speakers from critical systems.