SmartAttack: Air-Gap Attack via Smartwatches

TL;DR

SmartAttack demonstrates that smartwatches can be exploited as covert receivers for ultrasonic data exfiltration from air-gapped systems, posing new security risks in high-security environments.

Contribution

This paper introduces and evaluates a novel ultrasonic covert channel attack leveraging smartwatches, an underexplored device in air-gap security breaches.

Findings

Smartwatches can reliably receive ultrasonic signals in the 18-22 kHz range.

Environmental factors and human body influence ultrasonic signal propagation.

Smartwatches' continuous presence makes them effective covert receivers.

Abstract

Air-gapped systems are considered highly secure against data leaks due to their physical isolation from external networks. Despite this protection, ultrasonic communication has been demonstrated as an effective method for exfiltrating data from such systems. While smartphones have been extensively studied in the context of ultrasonic covert channels, smartwatches remain an underexplored yet effective attack vector. In this paper, we propose and evaluate SmartAttack, a novel method that leverages smartwatches as receivers for ultrasonic covert communication in air-gapped environments. Our approach utilizes the built-in microphones of smartwatches to capture covert signals in real time within the ultrasonic frequency range of 18-22 kHz. Through experimental validation, we assess the feasibility of this attack under varying environmental conditions, distances, orientations, and noise levels. Furthermore, we analyze smartwatch-specific factors that influence ultrasonic covert channels, including their continuous presence on the user's wrist, the impact of the human body on signal propagation, and the directional constraints of built-in microphones. Our findings highlight the security risks posed by smartwatches in high-security environments and outline mitigation strategies to counteract this emerging threat.