Researchers from Ben-Gurion University in Israel have discovered a new method for stealing data from air-gapped computers using smartwatches, NotebookCheck reports. The cyberattack method, called SmartAttack, allows sensitive information to be transmitted via ultrasonic signals — frequencies in the range of 18–22 kHz that are inaudible to the human ear.
The essence of the attack is that the infected computer encodes information in the form of an ultrasonic signal, which is transmitted to the microphone of the smartwatch. The device then sends the data via Wi-Fi or Bluetooth, bypassing the physical isolation of the computer. Since smartphones are often banned in secure areas, and smartwatches are less regulated and usually reside on the user's wrist, their use is practical for such an attack.
During experiments, information was transmitted over a distance of up to 6 meters at a speed of 50 bits per second. Although the method requires both infection of the computer and the physical presence of the watch, the researchers warn that the risks are serious for structures that rely on physical isolation as their main defense.
This study calls for a review of policies regarding wearable devices in high-security areas.