Carder.life

Carder.life (http://txgate.io:443/index.php)
-   Carding News (http://txgate.io:443/forumdisplay.php?f=38)
-   -   SmartAttack uses smartwatches to steal data from air-gapped systems (http://txgate.io:443/showthread.php?t=51301285)

Artifact 06-12-2025 01:40 PM
<div id="post_message_797038">

A new attack dubbed 'SmartAttack' uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems.<br/>
<br/>
Air-gapped systems, commonly deployed in mission-critical environments such as government facilities, weapons platforms, and nuclear power plants, are physically isolated from external networks to prevent malware infections and data theft.<br/>
<br/>
Despite this isolation, they remain vulnerable to compromise through insider threats such as rogue employees using USB drives or state-sponsored supply chain attacks.<br/>
<br/>
Once infiltrated, malware can operate covertly, using stealthy techniques to modulate the physical characteristics of hardware components to transmit sensitive data to a nearby receiver without interfering with the system's regular operations.<br/>
<br/>
SmartAttack was devised by Israeli university researchers led by Mordechai Guri, a specialist in the field of covert attack channels who previously presented methods to leak data using <a href="https://www.bleepingcomputer.com/news/security/new-pixhell-acoustic-attack-leaks-secrets-from-lcd-screen-noise/" target="_blank">LCD screen noise</a>, <a href="https://www.bleepingcomputer.com/news/security/new-rambo-attack-steals-data-using-ram-in-air-gapped-computers/" target="_blank">RAM modulation</a>,<a href="https://www.bleepingcomputer.com/news/security/etherled-air-gapped-systems-leak-data-via-network-card-leds/" target="_blank"> network card LEDs</a>, <a href="https://www.bleepingcomputer.com/news/security/air-gapped-systems-leak-data-via-sata-cable-wifi-antennas/" target="_blank">USB drive RF signals</a>, <a href="https://www.bleepingcomputer.com/news/security/air-gapped-systems-leak-data-via-sata-cable-wifi-antennas/" target="_blank">SATA cables</a>, and <a href="https://www.bleepingcomputer.com/news/security/air-gapped-pcs-vulnerable-to-data-theft-via-power-supply-radiation/" target="_blank">power supplies</a>.<br/>
<br/>
While attacks on air-gapped environments are, in many cases, theoretical and extremely difficult to achieve, they still present interesting and novel approaches to exfiltrate data.<br/>
<br/>
<b><font size="4"><font color="White">How SmartAttack works</font></font></b><br/>
<br/>
SmartAttack requires malware to somehow infect an air-gapped computer to gather sensitive information such as keystrokes, encryption keys, and credentials. It can then use the computer's built-in speaker to emit ultrasonic signals to the environment.<br/>
<br/>
By using a binary frequency shift keying (B-FSK), the audio signal frequencies can be modulated to represent binary data, aka ones and zeroes. A frequency of 18.5 kHz represents "0," while 19.5 kHz denotes "1."<br/>
<br/>
<img alt="" border="0" class="bbCodeImage" src="https://www.bleepstatic.com/images/news/u/1220909/2025/June/inter.jpg"/><br/>
<div style="margin:20px; margin-top:5px; ">
<!-- <div class="smallfont" style="margin-bottom:2px">Quote:</div> -->
<table border="0" cellpadding="6" cellspacing="0" width="100%">
<tr>
<td class="alt2" style="background: rgb(37, 37, 37) none repeat scroll 0% 0%; border: 1px solid rgb(0, 0, 0); border-radius: 5px; font-size: 11px; text-shadow: none;">

The covert channel and interference from keyboard typing

</td>
</tr>
</table>
</div>Frequencies at this range are inaudible to humans, but they can still be caught by a smartwatch microphone worn by a person nearby.<br/>
<br/>
The sound monitoring app in the smartwatch applies signal processing techniques to detect frequency shifts and demodulate the encoded signal, while integrity tests can also be applied.<br/>
<br/>
The final exfiltration of the data can take place via Wi-Fi, Bluetooth, or cellular connectivity.<br/>
<br/>
The smartwatch can either be purposefully equipped with this tool by a rogue employee, or outsiders may infect it without the wearer's knowledge.<br/>
<br/>
<b><font size="4"><font color="white">Performance and limitations</font></font></b><br/>
<br/>
The researchers note that smartwatches use small, lower-SNR microphones compared to smartphones, so signal demodulation is quite challenging, especially at higher frequencies and lower signal intensities.<br/>
<br/>
Even wrist orientation was found to play a crucial role in the feasibility of the attack, working best when the watch has "line-of-sight" with the computer speaker.<br/>
<br/>
Depending on the transmitter (speaker type), the maximum transmission range is between 6 and 9 meters (20 – 30 feet).<br/>
<br/>
<img alt="" border="0" class="bbCodeImage" src="https://www.bleepstatic.com/images/news/u/1220909/2025/June/transmitter.jpg"/><br/>
<div style="margin:20px; margin-top:5px; ">
<!-- <div class="smallfont" style="margin-bottom:2px">Quote:</div> -->
<table border="0" cellpadding="6" cellspacing="0" width="100%">
<tr>
<td class="alt2" style="background: rgb(37, 37, 37) none repeat scroll 0% 0%; border: 1px solid rgb(0, 0, 0); border-radius: 5px; font-size: 11px; text-shadow: none;">

Transmitter type performance

</td>
</tr>
</table>
</div>The data transmission rate ranges from 5 bits per second (bps) to 50 bps, reducing reliability as the rate and distance increase.<br/>
<br/>
<img alt="" border="0" class="bbCodeImage" src="https://www.bleepstatic.com/images/news/u/1220909/2025/June/table(2).jpg"/><br/>
<div style="margin:20px; margin-top:5px; ">
<!-- <div class="smallfont" style="margin-bottom:2px">Quote:</div> -->
<table border="0" cellpadding="6" cellspacing="0" width="100%">
<tr>
<td class="alt2" style="background: rgb(37, 37, 37) none repeat scroll 0% 0%; border: 1px solid rgb(0, 0, 0); border-radius: 5px; font-size: 11px; text-shadow: none;">

Performance measurements (Signal to Noise Ratio, Bit Error Rate)

</td>
</tr>
</table>
</div>The researchers say the best way to counter the SmartAttack is to prohibit using smartwatches in secure environments.<br/>
<br/>
Another measure would be to remove in-built speakers from air-gapped machines. This would eliminate the attack surface for all acoustic covert channels, not just SmartAttack.<br/>
<br/>
If none of this is feasible, ultrasonic jamming through the emission of broadband noise, software-based firewalls, and audio-gapping could still prove effective.<br/>
<br/>
<a href="https://www.bleepingcomputer.com/news/security/smartattack-uses-smartwatches-to-steal-data-from-air-gapped-systems/" target="_blank">@ BleepingComputer </a>
</div>


All times are GMT. The time now is 07:36 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.