Smartwatch Hack Can Extract Data from Air-Gapped Computers

Key Takeaways

1. SmartAttack Method: A new cyberattack method called SmartAttack can exploit smartwatches to extract sensitive data from air-gapped computers using ultrasonic signals.

2. Inaudible Sound Waves: The attack uses sound waves between 18 to 22 kilohertz to encode data, which smartwatches can pick up and transmit via Wi-Fi or Bluetooth.

3. Smartwatch Vulnerability: Smartwatches are often allowed in secure areas while smartphones are not, making them a unique target for hidden data extraction.

4. Distance and Speed: Tests show that data can be transmitted from over six meters away at rates of up to fifty bits per second, posing risks in high-security environments.

5. Urgent Security Awareness: The research highlights the need for increased attention to wearable technology in secure areas, as compromised smartwatches could threaten even the most isolated systems.

A new method of cyberattack called SmartAttack has uncovered a serious flaw in the usage of smartwatches within secure areas. This research was published on June 10, 2025, by Dr. Mordechai Guri from Ben-Gurion University, showing how malware on a computer that is air-gapped can send sensitive information using ultrasonic signals to a nearby smartwatch, all without any clear signs of a breach.

How It Works

The attack utilizes inaudible sound waves ranging from 18 to 22 kilohertz. The infected computer encodes the data, which the smartwatch’s microphone picks up. After decoding, the smartwatch transmits the information via Wi-Fi or Bluetooth, effectively evading standard security measures.

Vulnerability of Smartwatches

In secure locations, smartphones are usually prohibited, but smartwatches often stay on users’ wrists and face less strict regulations in many situations. Their ongoing presence and the design of their microphones make them particularly effective for this type of hidden operation.

Tests have shown that data can be successfully transferred from distances greater than six meters, achieving bitrates of up to fifty bits per second. This creates significant risks for high-security environments that depend on physical isolation to protect sensitive information.

Serious Implications

Although this attack necessitates both system compromise and close range, the potential effects are alarming. Cybersecurity journalist Davey Winder remarked in Forbes that “just because something is unlikely to happen does not mean it will not or cannot.” He points out that any compromised smartwatch “could execute the same method” to extract data from even the most secure air-gapped systems.

While applying this in the real world is quite difficult, the findings highlight an urgent need to pay more attention to wearable technology in secure environments.