A new research initiative from Ben-Gurion University of the Negev in Israel has revealed a startling technique that could allow attackers to steal sensitive data from air-gapped systems using nothing more than a compromised smartwatch. The attack, dubbed SmartAttack, demonstrates how inaudible ultrasonic signals can be leveraged to breach even the most secure, disconnected networks.
Air-Gapped Networks Are Not Immune
Air-gapped computers, which are isolated from all external connections, are often used to secure classified government and corporate data. While these systems are generally seen as impenetrable, past incidents have proven otherwise. Threat actors have previously infiltrated such environments through malicious insiders, infected USB drives, and even sophisticated supply chain attacks.
However, breaching these systems is one challenge; exfiltrating data from them is another. Traditional attack methods often fail because of the network isolation, leading researchers to explore unconventional transmission channels.
How SmartAttack Works
Led by Mordechai Guri, head of the Offensive Cyber Research Lab at Ben-Gurion University, the SmartAttack approach leverages the built-in microphones in smartwatches to capture ultrasonic signals transmitted by malware on an infected air-gapped system. These signals fall in the 18 to 22 kHz range, making them inaudible to humans.
Once the smartwatch receives these covert signals, it can relay the extracted data to the attacker using standard connectivity options such as Wi-Fi, Bluetooth, or mobile networks. The attack does not require the smartwatch to belong to the attacker — any compromised employee device nearby could be exploited for this purpose.
Implications for High-Security Environments
This technique highlights a new class of risk for high-security environments where smartphones are typically banned. Smartwatches, often overlooked in security policies, could become covert data exfiltration devices. Guri warned that these wearables present “real-time ultrasonic vulnerabilities” and urged organizations handling sensitive information to reassess their on-premises device policies.
Security experts emphasize that while such attacks remain rare and complex, they underscore the evolving nature of threats targeting air-gapped infrastructure.
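For defenders, the 18 to 22 kHz band described above can be watched directly: the sketch below is an added illustration, not code from the researchers or this article, that scans a monitoring microphone's capture for sustained narrowband energy in that band. The 48 kHz sample rate, the -40 dBFS threshold, the three-frame minimum and the sample signal are assumptions constructed for the example.

```python
import math
import random

SAMPLE_RATE = 48_000                 # Hz; must exceed 2 x 22 kHz to see the band
FRAME = 960                          # 20 ms frames, 50 Hz bin spacing
BAND = range(18_000, 22_001, 250)    # probe frequencies inside 18-22 kHz

def goertzel_power(frame, freq):
    """Normalised power of one frequency bin (Goertzel algorithm)."""
    n = len(frame)
    coeff = 2.0 * math.cos(2.0 * math.pi * round(n * freq / SAMPLE_RATE) / n)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n)

def ultrasonic_peak(frame):
    """Strongest probe in the band as (frequency_hz, level_dbfs)."""
    freq, power = max(((f, goertzel_power(frame, f)) for f in BAND),
                      key=lambda p: p[1])
    return freq, 10.0 * math.log10(4.0 * power + 1e-12)  # full-scale sine = 0 dBFS

def scan(samples, threshold_dbfs=-40.0, min_run=3):
    """Spans (start_s, end_s) with >= min_run consecutive frames over threshold."""
    spans, start = [], None
    total = len(samples) // FRAME
    for i in range(total + 1):       # one extra pass closes a run at end of data
        hot = i < total and ultrasonic_peak(
            samples[i * FRAME:(i + 1) * FRAME])[1] >= threshold_dbfs
        if hot and start is None:
            start = i
        elif not hot and start is not None:
            if i - start >= min_run:
                spans.append((start * FRAME / SAMPLE_RATE, i * FRAME / SAMPLE_RATE))
            start = None
    return spans

def constructed_capture():
    """Constructed input: 1 s of 440 Hz tone and noise, 19 kHz tone in 0.2-0.6 s."""
    rng = random.Random(0)
    out = []
    for n in range(SAMPLE_RATE):
        x = 0.3 * math.sin(2 * math.pi * 440 * n / SAMPLE_RATE) + rng.uniform(-0.001, 0.001)
        if 9_600 <= n < 28_800:      # samples 0.2 s to 0.6 s
            x += 0.05 * math.sin(2 * math.pi * 19_000 * n / SAMPLE_RATE)
        out.append(x)
    return out

if __name__ == "__main__":
    print(scan(constructed_capture()))
```

The capture device must actually pass frequencies up to 22 kHz; many microphones and audio paths filter them out, which would make this check silently blind.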
About the author – Ayush Chaurasia is a postgraduate student passionate about cybersecurity, threat hunting, and global affairs. He explores the intersection of technology, psychology, national security, and geopolitics through insightful writing.