![\"A](\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/06\/1750140618_711_960x0.jpg\")
<\/p>\n<\/p>\n
SmartAttack shows how hackers can steal air-gapped data using a smartwatch.<\/p>\n
getty<\/p>\n
There are a myriad ways that a hacker can steal your data and compromise your systems, from automatic hacking machines, from automatic hacking machines<\/a>, using your contacts as unwitting accomplices<\/a>, and even analyzing PIN code usage<\/a>, to name but three. But what if an attacker could steal highly confidential, top secret data from even an air-gapped network that is not connected to the internet, using a smartwatch? Security researchers at Ben-Gurion University of the Negev have demonstrated how they can do just that. Here\u2019s what you need to know about SmartAttack.<\/p>\n ForbesMicrosoft Issues Windows 10 And 11 Update As Attacks Already UnderwayBy Davey Winder<\/a> Let\u2019s get the prerequisite disclaimer out of the way first, shall we? This article is based on security research of the bleeding-edge variety. As such, it examines improbable scenarios that, if exploited, could have devastating consequences for governments and corporations alike. Just because something is unlikely to occur does not mean it will not or can not. Because the attack vector involved is that of air-gapped computers, the ones that contain the most highly sensitive of all data, hence the need to separate them from all external networks, that risk, however small, must never be discounted.<\/p>\n Here\u2019s the truth of the matter: air-gapped systems can and have been compromised by everything from malicious insiders and contractors with infected USB thumb drives to highly sophisticated supply chain attacks involving state-sponsored campaigns, as observed in the past. This is important because it shows that this type of installation is not impenetrable. However, being able to attack such a system with malicious, system-harmful intent is quite different from eavesdropping, which, by necessity, requires the attacker to exfiltrate data from the environment. Because of the physical isolation from external systems, hackers will look to use other methods to exfiltrate data. Methods such as ultrasonic communication using smartphones as a covert communication channel. Hence, smartphones are not generally allowed within the vicinity of such air-gapped systems. But what if a smartwatch could be used instead?<\/p>\n This is where Mordechai Guri, head of the Offensive Cyber Research Lab at the Ben-Gurion University of the Negev, Israel, steps in with his SmartAttack research<\/a>.<\/p>\n ForbesFBI Issues Critical Cyberattack Alert \u2014 Act Now As Victims SkyrocketBy Davey Winder<\/a> This is where Mordechai Guri, head of the Offensive Cyber Research Lab at the Ben-Gurion University of the Negev, Israel, steps in with his SmartAttack research<\/a>. Guri is one of the leading authorities when it comes to what you might call, and he does, in fact, call air-gap jumping research<\/a>. \u201cOur approach utilizes the built-in microphones of smartwatches to capture covert signals in real time within the ultrasonic frequency range of 18\u201322 kHz,\u201d Guri explained. The findings, Guri warned, \u201chighlight the security risks posed by smartwatches in high-security environments.\u201d<\/p>\n I highly recommend reading the complete research for the full technical details regarding SmartAttack, but the TL;DR can be summed up as an already compromised system can have data successfully exfiltrated using a sound-monitoring app on a smartwatch that receives inaudible to human frequencies from malware installed on the target computer. It doesn\u2019t even have to be the hacker\u2019s smartwatch, as any compromised employee\u2019s watch could perform the same trick. \u201cThe smartwatch then forwards the extracted data to the attacker using available communication channels such as Wi-Fi, cellular networks, or Bluetooth tethering,\u201d Guri said, \u201ceffectively bypassing traditional security measures.\u201d<\/p>\n Guri suggested that \u201crestricting or prohibiting the use of smartwatches and similar audio-capable wearables in sensitive environments is a direct mitigation strategy.\u201d<\/p>\n
\nSmartAttack Can Exfiltrate Sensitive Data From Air-Gapped Networks Using A Smartwatch<\/p>\n
\nAir-Gap Jumping Using A Smartwatch<\/p>\n