- Smart watches can soon be the newest tool to rape even the safest computer
- Ultrasonic signals are invisible to us, but can carry secrets outside the machines collected in the air
- Smartattack depends on rare conditions, but its possibility shows that no system is completely safe
A new research work proposes an unusual method of exfiltration of systems data with air bones using smart watches.
The concept, created by researchers from the University of Ben-Gurion, sounds like something outside a spy thriller, but the details reveal how technically would be technically complex and closely feasible of this type.
The method, called “smartattack”, is based on exploiting the microphone of a smart watch committed to receive ultrasonic signals from a computer infected with hollow.
The role of malware and portable technology
These ultrasonic transmissions operate between 18 and 22 kHz, just above the human hearing range, and can transport data such as key pulsations or biometric information to up to 50 bits per second through distances of at least six meters.
So that any part of the attack works, multiple difficult steps must be achieved.
First, malware must be implemented in the air system, which is a challenge. As the authors point out, this malware could get there through “supply chain attacks, internal threats or infected removable media.”
Once installed, the malware silently harvests confidential data and encodes them in ultrasonic audio signals. However, transmitting these signals is only half of the equation.
At the receiving end, an intelligent clock, also infected with malware, must be within the correct range and orientation to collect ultrasonic transmissions.
The author of Papel Mordechai Guri, PHD, described smart watches as “a sub -exploited but effective attack vector”, pointing out that devices are also subject to an unpredictable movement because they are used in the wrist, reducing the reliability of the reception.
The smart watch would use its connectivity functions, such as Wi-Fi, Bluetooth or even email, to transmit the data to the attacker.
This sequence may be possible in well -controlled experiments, but the implementation of the real world would be significantly more difficult.
Although the document is hypothetical, it causes real questions about whether current cyber security tools, such as the best antivirus or final point protection software, are equipped to detect or defend against such indirect and unconventional threats.
For organizations that use networks with an increase in networks to safeguard confidential information, traditional protections may not be enough.
Similarly, although the best identity theft protection tools are effective against known threat vectors, this type of undercover channel exploits hardware and environments so that existing solutions could not anticipate.
The document recommends a more advanced defense, including ultrasonic interference, real -time signal monitoring and even ultrasonic firewalls.
However, the practicality of such measures, especially in environments limited by resources, remains uncertain.
That said, as with many academic manifestations, the threat of the real world has more to do with the potential than probability.
Via Tomshardware
