- Smartwatches could soon be the most recent tool to rape even the most secure computer
- Ultrasonic signals are invisible to us but can transport secrets out of air machines
- Smartattack depends on rare conditions, but its possibility proves that no system is never completely sure
A new research document offers an unusual method of data exfiltration from air puncture systems using smart watches.
The concept, created by researchers from Ben -Gurion University, looks like something of a spy thriller, but the details reveal to what extent such an attack is technically complex and narrow.
The method, nicknamed “Smartattack”, is based on the operation of the microphone of a smartwatch compromised to receive ultrasonic signals from an infected air puncture computer.
The role of malware and portable technology
These ultrasonic transmissions operate between 18 and 22 kHz, just above the human hearing range, and can transport data such as strikes or biometric information up to 50 bits per second over distances of at least six meters.
For any part of the attack to work, several difficult steps must already be accomplished.
First, malware must be located on the air puncture system, which is itself a challenge. As the authors point out, these malicious software could get there by “supply chain attacks, threats of initiates or infected removable media”.
Once installed, the malware is quietly harvesting sensitive data and code in ultrasonic audio signals. However, the transmission of these signals is only half the equation.
Upon reception, an intelligent watch, also infected with malware, must be in the beach and correct orientation to collect ultrasonic transmissions.
The author of Mordchai Guri paper, PhD, described intelligent watches as “an under-explored but effective attack vector”, noting that the devices are also subject to an unpredictable movement because they are carried on the wrist, reducing the reliability of the reception.
Smartwatch would then use its connectivity features, such as Wi-Fi, Bluetooth or even E-mail, to relay data to the attacker.
This sequence may be possible in closely controlled experiences, but the implementation of the real world would be much more difficult.
Although the document is hypothetical, it arouses real questions about the fact that current cybersecurity tools, such as the best antivirus or terminal protection software, are equipped to detect or defend against such indirect and unconventional threats.
For organizations using air networks to protect sensitive information, traditional protections may not be sufficient.
Similarly, although the best tools for protecting identity theft are effective against known threat vectors, this type of secret canal uses equipment and environments in a way that existing solutions may not anticipate.
The document recommends a more advanced defense, in particular ultrasound shuffle, signal monitoring in real time and even ultrasonic firewalls.
However, the practicality of these measures, especially in resource -related environments, remains uncertain.
That said, as with many academic manifestations, real threat is more a matter of potential than probability.
Via Tomshardware
