SmartAttack: How Smartwatches Threaten Even Air-Gapped Business Systems

Published in Security Vulnerabilities | June 13, 2025
Smartwatches Caught Stealing Data from Air-Gapped Systems in Alarming New Research

That fancy smartwatch tracking your steps might also be stealing your secrets. Researchers at Ben-Gurion University in Israel have uncovered a disturbing new vulnerability they've dubbed "SmartAttack" — and it's sending shockwaves through the cybersecurity world.

Why? Because it shatters a fundamental security assumption most organizations rely on: that physically isolated "air-gapped" computers are safe from data theft. Turns out, they're not. Not if someone wearing a smartwatch is in the room.

The Sneaky Science Behind SmartAttack

Dr. Mordechai Guri — already infamous for finding bizarre ways to steal data from secure systems — led the research team that demonstrated this unsettling technique. Their findings reveal how ordinary smartwatches can act as receivers for ultrasonic signals transmitted by compromised computers, even ones completely disconnected from networks.

Key Research Findings

The study shows malware can force air-gapped computers to emit high-frequency sound waves (18-22 kHz) that are inaudible to humans but perfectly detectable by smartwatch microphones. These sonic signals can transmit data at roughly 50 bits per second — slow by normal standards but more than enough to steal passwords or encryption keys within minutes.

How the Attack Actually Works

The technical details are both fascinating and terrifying. SmartAttack isn't some theoretical threat — it's a practical attack method that exploits hardware found in virtually every office:

  1. Getting In: First, malware needs to infect the air-gapped system. This typically happens through infected USB drives (the security equivalent of accepting candy from strangers), supply chain attacks, or — most commonly — an insider who doesn't realize they're carrying digital poison. It's the hardest part of the attack, but security researchers have documented countless successful breaches of air-gapped systems over the years.
  2. The Hunt: Once inside, the malware quietly gathers whatever it's programmed to find — login credentials, encryption keys, classified documents. The attackers aren't greedy; they're strategic, focusing on small but critical data packages.
  3. The Clever Bit: Here's where it gets wild. The infected computer converts stolen data into sound waves beyond human hearing range. The computer's ordinary speakers — nothing special needed — broadcast these ultrasonic signals into the room. Anyone sitting there would have absolutely no idea it's happening.
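  4. The Wearable Spy: A compromised smartwatch within about 20 feet picks up these signals through its microphone. The watch has to be running the attacker's software for this to work, but the wearer does not need to know that. And seriously — who turns off their Apple Watch microphone during meetings? Nobody. That's the genius of the attack.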
  5. The Escape: When the smartwatch wearer leaves the secure area and reconnects to WiFi or cellular networks, the captured data transmits to the attackers. Game over.

What keeps security experts up at night isn't just how clever this is — it's how achievable. The researchers demonstrated data transmission rates around 50 bits per second. That doesn't sound like much until you realize a password or authentication token can be stolen in under a minute. And the attack requires no specialized equipment beyond what people already wear on their wrists.

Who Should Be Sweating About This?

Certain industries face particularly high risks from SmartAttack. Organizations that thought their air-gapped systems were impenetrable suddenly have a new security nightmare to deal with:

  • Healthcare Providers: Hospitals and medical centers handle mountains of sensitive patient data on isolated systems to meet HIPAA requirements. The researchers specifically highlighted medical records as prime targets — small data packages with enormous value on dark markets.
  • Financial Institutions: Banks and investment firms rely heavily on air-gapped systems for their most sensitive operations. Trading algorithms and banking credentials are perfect targets: small data footprints with massive potential payoffs.
  • Defense & Government: Military contractors and government agencies use air-gapped networks for their most classified information. These organizations face not just financial risks but national security implications if breached.
  • Critical Infrastructure: Power plants, water systems, and industrial facilities typically isolate their operational technology networks. Compromise here could mean physical-world consequences beyond mere data theft.

Making matters worse, a recent industry survey found that while over 80% of professionals routinely wear smartwatches or fitness trackers to work, fewer than 5% of organizations have any policies governing these devices in sensitive areas. Talk about a perfect storm.

Practical Defenses That Won't Break the Bank

Good news for security teams everywhere – you don't need to rip out every speaker or ban Apple Watches to protect yourself. The Ben-Gurion team found several workable solutions that don't require a complete tech overhaul:

Smarter Security Policies

Forget blanket bans – nobody follows those anyway. Instead, create specific "clean rooms" where sensitive stuff happens. Put up clear signs, establish check-in procedures, and give people somewhere to stash their gadgets before entering. It's like airport security, but for your most valuable data. This targeted approach gets way better compliance than trying to ban smartwatches company-wide.

Audio Lockdown

For your crown-jewel systems? Just yank the speakers. No speakers = no ultrasonic channel. Problem solved. When speakers are absolutely necessary, specialized audio filtering software can block those specific frequencies. Several defense contractors have implemented this approach without disrupting normal work. Expensive? A bit. Cheaper than a data breach? Absolutely.

Human Firewall

Tech solutions fail when people don't get why they matter. Show your team exactly how these attacks work – maybe even demonstrate a harmless version. People who understand the "why" behind seemingly annoying security rules are way less likely to find workarounds. One security director told us compliance jumped from 65% to 94% after showing teams a live demo of similar attacks.

Ultrasonic Monitoring

Think of these as smoke detectors, but for suspicious sound waves. They've gotten surprisingly affordable lately – under $500 for basic models that can cover a standard conference room. Several vendors now sell plug-and-play solutions that integrate with existing security systems and alert your team when they detect something fishy in frequencies humans can't hear.
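What such a monitor computes can be sketched in a few lines. The following is an added example, not code from the research paper or from any vendor product: it scans microphone samples for sustained energy in the 18-22 kHz band the article describes. It assumes 48 kHz mono samples scaled to [-1, 1]; the function names, the -50 dBFS floor and the 100 ms persistence rule are illustrative assumptions.

```python
import math

RATE = 48_000                          # Hz, assumed sample rate of the monitoring microphone
N = 240                                # 5 ms analysis window -> 200 Hz frequency resolution
PROBES = range(18_000, 22_001, 200)    # the 18-22 kHz band described in the article
HANN = [0.5 - 0.5 * math.cos(2 * math.pi * n / N) for n in range(N)]

def band_peak(block):
    """(power, freq) of the strongest probe in one Hann-windowed block.
    Power is relative to full scale: a sine of amplitude A on a probe gives ~A**2."""
    xs = [x * w for x, w in zip(block, HANN)]
    best = (0.0, 0)
    for f in PROBES:                   # Goertzel: evaluate one DFT bin per probe
        c = 2 * math.cos(2 * math.pi * f / RATE)
        s1 = s2 = 0.0
        for x in xs:
            s1, s2 = x + c * s1 - s2, s1
        p = (s1 * s1 + s2 * s2 - c * s1 * s2) / (N / 4) ** 2
        best = max(best, (p, f))
    return best

def _summarise(run):
    p, f, _ = max(run)                 # loudest window of the run
    return {"start_s": run[0][2] / RATE, "end_s": (run[-1][2] + N) / RATE,
            "peak_hz": f, "peak_dbfs": round(10 * math.log10(p), 1)}

def detect(samples, floor_dbfs=-50.0, min_ms=100):
    """Report runs where the band stays above floor_dbfs for at least min_ms.
    Both thresholds are assumptions; calibrate them against the room's noise floor."""
    floor = 10 ** (floor_dbfs / 10)
    need = min_ms * RATE // (1000 * N)          # consecutive hot windows required
    alerts, run = [], []
    for i in range(0, len(samples) - N + 1, N):
        p, f = band_peak(samples[i:i + N])
        if p >= floor:
            run.append((p, f, i))
            continue
        if len(run) >= need:
            alerts.append(_summarise(run))
        run = []
    if len(run) >= need:
        alerts.append(_summarise(run))
    return alerts

def tone(freq, amp, secs, start=0.0, total=0.3):
    """Constructed test input: a plain sine, silent outside [start, start + secs)."""
    return [amp * math.sin(2 * math.pi * freq * n / RATE)
            if start <= n / RATE < start + secs else 0.0
            for n in range(round(total * RATE))]
```

The persistence rule is what separates a carrier from a click or a jingling key ring: a 20 ms burst in the band is ignored, while a tone at -40 dBFS that lasts the whole capture is reported with its start time, end time and strongest frequency.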

Beyond the Obvious

The scariest part of SmartAttack isn't the technique itself – it's what it represents. We've spent decades building security around the idea that physical separation equals safety. That's now fundamentally broken. A world where your fitness tracker can steal nuclear launch codes isn't one security professionals were trained for.

As our watches, glasses, medical devices and even clothes get smarter, the boundary between digital and physical keeps eroding. Yesterday's air-gap is today's data bridge. Security teams need to start thinking differently – fast.

Not the First, Won't Be the Last

Dr. Guri is something of a mad scientist in the cybersecurity world. Before smartwatches, his lab showed how to steal data using the noise from computer fans, power supplies, and even the barely-detectable electromagnetic buzz from CPU cores. Each time, security pros collectively slapped their foreheads wondering "how did we miss that?"

These side-channel attacks are particularly nasty because they exploit physics, not just code. They turn ordinary physical phenomena – sound waves, heat signatures, electromagnetic fields – into data highways that completely bypass traditional security. And as our homes and offices fill with ever-smarter gadgets, each with multiple sensors, the potential attack surface explodes.

Nobody's suggesting we abandon air-gapped systems – they're still vastly safer than connected alternatives. But the old "just disconnect it" approach clearly needs reinforcement. Multiple defensive layers that account for these weird, unexpected data paths are becoming essential.

Your Security To-Do List

If your organization handles anything remotely sensitive, here's what security experts suggest doing ASAP:

  1. Take a hard look at your wearable device policies. Most organizations have gaping holes here – if they have policies at all.
  2. Map out your truly critical systems – the ones that would sink your company or trigger regulatory nightmares if breached.
  3. Beef up physical protections around these systems, with special attention to sound isolation. (Those foam acoustic panels aren't just for podcasters anymore.)
  4. Consider bringing in specialists to test for side-channel vulnerabilities. Your regular security auditors probably aren't checking for this stuff – most don't even know how.

SmartAttack might sound like something from a Tom Clancy novel, but the science is rock-solid and the threat is genuine. Ignoring it would be like dismissing email phishing in the early 2000s – a serious mistake that'll eventually come back to bite.

The full research paper, "SmartAttack: Smartwatch-based Covert Channel for Data Exfiltration from Air-Gapped Systems," contains additional technical details for those looking to understand the vulnerability more deeply. It's available through Ben-Gurion University's Cyber-Security Research Center website.

Questions About This Topic

SmartAttack is a novel cyber attack method discovered by researchers at Ben-Gurion University that uses smartwatches to steal data from air-gapped systems. It works by installing malware on an isolated computer that encodes sensitive data into ultrasonic audio signals (18-22 kHz). These inaudible signals are captured by a compromised smartwatch's microphone, and when the smartwatch later connects to the internet, the stolen data is transmitted to attackers.

Smartwatches capture data through their built-in microphones, which can detect ultrasonic frequencies beyond human hearing range (18-22 kHz). The malware on the air-gapped computer converts sensitive data into these ultrasonic signals. When a compromised smartwatch is worn by someone near the infected computer, its microphone picks up these signals. The data remains stored on the smartwatch until it reconnects to an external network, at which point it transmits the stolen information to attackers.

SmartAttack can potentially steal various types of sensitive information including passwords, encryption keys, classified documents, keystrokes (keylogging data), authentication credentials, and other critical data. The attack is particularly effective at stealing small but high-value pieces of information, as the data transmission rate is relatively slow (about 50 bits per second) but sufficient for exfiltrating credentials or encryption keys.

While all air-gapped systems with speakers could theoretically be vulnerable, the attack requires several conditions to be successful: 1) The air-gapped system must be compromised with malware, 2) A smartwatch in the vicinity must also be compromised, 3) Someone wearing the compromised smartwatch must be within range of the ultrasonic signals (up to 6 meters), and 4) The smartwatch must later connect to an external network. Systems that implement strict wearable device policies or use ultrasonic monitoring are less vulnerable.

According to the research, ultrasonic signals used in SmartAttack can travel up to 6 meters (approximately 20 feet) from the compromised computer to the smartwatch. The effectiveness of transmission depends on environmental factors such as ambient noise, physical obstacles, and the position/orientation of the smartwatch. The signal strength decreases with distance, following standard acoustic propagation principles.

Organizations handling highly sensitive information are most at risk, including: military and defense agencies, government intelligence services, critical infrastructure operators, financial institutions with proprietary trading algorithms, research facilities with valuable intellectual property, and industrial control systems. Any organization that relies heavily on air-gapped systems to protect their most valuable data should consider this threat.

Organizations can implement several countermeasures to protect against SmartAttack: 1) Enforce strict policies prohibiting smartwatches and wearables in sensitive areas, 2) Install ultrasonic jammers that disrupt the covert channel, 3) Deploy ultrasonic monitoring systems to detect unauthorized transmissions, 4) Implement audio monitoring solutions that can identify suspicious ultrasonic activity, 5) Consider physical modifications such as removing or disabling speakers on highly sensitive air-gapped systems, and 6) Conduct regular security awareness training about emerging threats.

SmartAttack is currently a theoretical threat demonstrated in research environments rather than observed in real-world attacks. However, similar covert channel techniques have been used in sophisticated attacks against high-value targets. The research by Dr. Mordechai Guri at Ben-Gurion University demonstrates that the attack is technically feasible with existing technology. Security experts warn that advanced persistent threats (APTs) and nation-state actors could potentially develop and deploy such techniques against high-value targets.
