A newly discovered cyberattack method, dubbed SmartAttack, leverages smartwatches and ultrasonic signals to steal data from air-gapped systems—computers physically isolated from external networks. Developed by researchers led by Mordechai Guri at Ben-Gurion University, this technique exploits smartwatch microphones to capture covert ultrasonic transmissions from compromised air-gapped machines.
How SmartAttack Works
Malware is installed on the air-gapped system, often via physical access or insider threats. It collects sensitive data like encryption keys, credentials, or keystrokes. The malware converts stolen data into binary (0s and 1s) and modulates it onto ultrasonic frequencies (18–22 kHz) using binary frequency shift keying (B-FSK):
• 18.5 kHz = “0”
• 19.5 kHz = “1”.
These frequencies are inaudible to humans but detectable by smartwatch microphones.
Surprisingly, the smartphone’s microphone is not a requirement for the attack. This novel method bypasses microphones entirely by targeting smartphone gyroscopes. Malware generates ultrasonic tones at the resonant frequency of MEMS gyroscopes (e.g., 14–24 kHz), inducing mechanical oscillations in the sensor. The gyroscope’s output is sampled by a compromised smartphone app, which decodes the oscillations back into binary data. This technique works even when microphones are disabled or blocked, leveraging gyroscope access permissions often granted to apps.
