SmartAttack Uses Smartwatches to Steal Data From Air-Gapped Systems
hubie writes:
Air-gapped systems, commonly deployed in mission-critical environments such as government facilities, weapons platforms, and nuclear power plants, are physically isolated from external networks to prevent malware infections and data theft.
Despite this isolation, they remain vulnerable to compromise through insider threats such as rogue employees using USB drives or state-sponsored supply chain attacks.
Once infiltrated, malware can operate covertly, using stealthy techniques to modulate the physical characteristics of hardware components to transmit sensitive data to a nearby receiver without interfering with the system's regular operations.
SmartAttack was devised by Israeli university researchers led by Mordechai Guri, a specialist in the field of covert attack channels who previously presented methods to leak data using LCD screen noise, RAM modulation, network card LEDs, USB drive RF signals, SATA cables, and power supplies.
While attacks on air-gapped environments are, in many cases, theoretical and extremely difficult to achieve, they still present interesting and novel approaches to exfiltrate data.
SmartAttack requires malware to somehow infect an air-gapped computer to gather sensitive information such as keystrokes, encryption keys, and credentials. It can then use the computer's built-in speaker to emit ultrasonic signals to the environment.
By using a binary frequency shift keying (B-FSK), the audio signal frequencies can be modulated to represent binary data, aka ones and zeroes. A frequency of 18.5 kHz represents "0," while 19.5 kHz denotes "1."
Frequencies at this range are inaudible to humans, but they can still be caught by a smartwatch microphone worn by a person nearby.
The sound monitoring app in the smartwatch applies signal processing techniques to detect frequency shifts and demodulate the encoded signal, while integrity tests can also be applied.
The final exfiltration of the data can take place via Wi-Fi, Bluetooth, or cellular connectivity.
The smartwatch can either be purposefully equipped with this tool by a rogue employee, or outsiders may infect it without the wearer's knowledge.
[...] The researchers say the best way to counter the SmartAttack is to prohibit using smartwatches in secure environments.
Another measure would be to remove in-built speakers from air-gapped machines. This would eliminate the attack surface for all acoustic covert channels, not just SmartAttack.
If none of this is feasible, ultrasonic jamming through the emission of broadband noise, software-based firewalls, and audio-gapping could still prove effective.
Read more of this story at SoylentNews.