Depositphotos
Israeli cybersecurity experts at the University Ben-Gurion in the Negev found evidence that a smartwatch you can access to isolated computer systems.
The new type of attack, called SmartAttack, was thoroughly researched by Israeli cyber experts led by Mordechai Guri. Prior to that, Gouri had already presented possible ways of cyberattacks with leakage of sensory data by using LCD monitor noise, RAM modulation, and network card LEDs, RF signals from USB drives, SATA cables, and power supplies.
Isolated systems are separated from other networks, such as the Internet, to protect against remote hacking are often used by government agencies, arms companies, nuclear power plants, and other sensitive facilities. However, such systems remain vulnerable to hacking due to the following factors Unscrupulous employees who use USB storage devices.
Once hacked, malware can act covertly, penetrating protected areas and stealing confidential information. Although attacks on isolated environments are in many cases theoretical and extremely difficult to implement, they are still interesting and new approaches to data extraction.
SmartAttack involves the malware infecting isolated computers, collecting sensitive information such as encryption keys and credentials. It can then use the computer’s built-in speaker to emit ultrasonic signals. Using binary frequency shift keying (B-FSK), the frequencies of an audio signal can be modulated to represent binary data, i.e., ones and zeros. A frequency of 18.5 kHz represents “0” and 19.5 kHz represents “1”.
A person cannot hear frequencies in this range, but they can be picked up by the microphone of a smartwatch worn by a person in the vicinity. The smartwatch audio monitoring app applies signal processing techniques to detect frequency shifts and demodulate the encoded signal, and can also apply integrity tests. The final data leak can be carried out via Wi-Fi, Bluetooth, or cellular communication.
Smartwatches unscrupulous employees may deliberately have the appropriate tools or be hacked in advance by cybercriminals. According to Israeli researchers, smartwatches use small microphones with a lower signal-to-noise ratio than smartphones. This makes demodulation of the signal quite a challenge, especially at higher frequencies and lower signal intensity.
Cyber experts have found that even the position. The wrist can be a key factor in the attack. It will be most effective if the smartwatch is in close proximity to the computer speaker. Depending on the transmitter (type of speaker), the maximum transmission range is from 6 to 9 meters The transmission rate ranges from 5 to 50 bits per second, and reliability decreases with increasing speed and distance.
According to the researchers, the best way to protect against such attacks is to ban the use of smartwatches in secure, isolated environments. In addition, jamming using ultrasound by emitting broadband noise.
The results of the study are published on the preprint server arXiv.org
Source: Bleeping Computer