Latest news with #MordechaiGuri


Mint
17-06-2025
- Mint
Your smartwatch can be used to steal secured data- How ‘smartAttack' works
A new tech-savvy scam has emerged that leverages smartwatches and air-gapped networks to steal even highly secured data. This new trick is being called 'smartAttack', and it sounds like a Mission: Impossible movie. This research-based scam is said to use the microphone of the smartwatch to get ultrasonic signals and steal data from an air-gapped system. This new scamming method was highlighted by researchers from Ben Gurion University, in which the report detailed how even the most secure data is vulnerable. Know more in detail about the SmartAttack taking place and how scammers are stealing sensitive data from secure systems. How can SmartAttack steal highly secured data from air-gapped systems? Air-gapped systems are considered to be highly secure and are used by business and government officials to store confidential data. These systems are isolated from other systems, which makes the data protected. However, the air-gapped system can also be breached via infected USB drivers, insider threats, supply chain attacks, etc. Now, researchers from Ben Gurion University have highlighted that sensitive data from these air-gapped systems can be stolen using ultrasonic signals from smartwatches. Mordechai Guri, head of the Offensive Cyber Research Lab at Ben-Gurion University, said, 'Our approach utilises the built-in microphones of smartwatches to capture covert signals in real time within the ultrasonic frequency range of 18–22 kHz.' This highlights the risk of carrying electronic items like smartwatches to a secure environment. But how does it actually work? Well, it is reported that SmartAttack first looks for air-gapped systems with malware to gather crucial information such as credentials, encryption keys, and others via high-pitch ultrasonic sound, which is not audible to the human ear. Then the tiny microphone on the smartwatch can catch these sounds, and the information is then decoded using a malicious app inside the smartwatch.


Jordan News
14-06-2025
- Jordan News
Security Flaw Exploits Air-Gapped Computers Using Smartwatches - Jordan News
In a groundbreaking and unconventional breach, a research team led by Mordechai Guri has unveiled a novel security vulnerability capable of leaking data from air-gapped computer systems—those physically isolated from any network—through smartwatches using inaudible ultrasonic signals. اضافة اعلان How SmartAttack Works The attack method, dubbed SmartAttack, relies on the pre-installation of malicious software on the target computer. This malware encodes sensitive data into ultrasonic signals using a modulation technique known as Binary Frequency Shift Keying (B-FSK): 18.5 kHz frequency = binary '0' 19.5 kHz frequency = binary '1' These signals are emitted through the computer's speakers and picked up by the microphones of nearby smartwatches, whether intentionally placed or previously compromised. Specialized apps on the smartwatch decode the signals into digital information, which is then transmitted externally via Wi-Fi, Bluetooth, or cellular networks once the watch wearer leaves the secure area. According to the research—set to be presented at IEEE COMPSAC 2025—the most likely entry points for such attacks include insider threats, such as disgruntled employees, or supply chain compromises that inject malware early in the device lifecycle. Why This Attack Is Unique Unlike traditional attacks that rely on network vulnerabilities, SmartAttack uses physical hardware components (speakers and smartwatch microphones) to establish a covert communication channel, rendering conventional cybersecurity systems like firewalls and intrusion detection tools ineffective. Limitations and Engineering Constraints While the concept is innovative, its real-world execution faces several challenges: Limited microphone sensitivity in smartwatches makes ultrasonic reception more susceptible to noise and interference. Effective range is constrained to 6–9 meters, and Data transfer speed is low—about 50 bits per second—making the exfiltration of large volumes of data slow and cumbersome. Signal quality depends heavily on watch orientation and line-of-sight to the computer. Despite these constraints, the attack's significance lies in debunking the myth of complete air-gap immunity, building on Guri's prior work that includes data leaks via LCD light emissions, electromagnetic noise from cables, fan vibrations, and power supply fluctuations. Recommended Countermeasures To defend against such unconventional threats, researchers advise the following: Ban smartwatches and wearable tech from high-security environments. Disable or physically disconnect speakers in air-gapped systems. Deploy ultrasonic jammers to disrupt unauthorized acoustic transmissions. Implement audio activity monitoring to flag unusual speaker behavior. Use physical acoustic insulation to block ultrasonic signal transmission. Final Thoughts Though SmartAttack remains complex and difficult to carry out at scale, it serves as a critical wake-up call for cybersecurity leaders to rethink their defense strategies. Traditional security paradigms are no longer sufficient—next-generation threats may come from hardware behaviors, not just network breaches. As air-gapped systems continue to be targeted in novel ways, a proactive, multidisciplinary approach is vital to safeguarding sensitive environments.