Skip to content

Smartwatches tabbed as latest vehicle for air-gapped system attacks

Posted by: GuidePoint Security

2 min read

June 13, 2025 – Published on SC Media

Researchers say that the latest vehicle for covert data extraction from secured systems could be sitting on your wrist.

A paper published by the Ben-Gurion University of the Negev in Beer Sheva, Israel, details how a smartwatch could possibly be employed to lift secured data from air-gapped machines by intercepting electronic signals.

Air-gapped machines sit apart from any network connection. Such systems are usually employed to hold highly sensitive data on a one-way connection without any possibility of outside access. While such setups would, on the surface, seem to be impenetrable to anyone who didn’t have direct physical access to a connection port on the machine, researchers have found that there are various methods with which a threat actor can intercept signals or interpret electromagnetic activity in such a way as to intercept and log data transmissions. This would result in the theft of potentially sensitive information.

While the most practical use of the vulnerability would be the interception of sensitive data, the researchers believe that under the right circumstances smartwatch devices could even be used by threat actors to inject commands into a nearby air-gapped system.

“Beyond covert channels, ultrasonic signals can also be exploited for direct command injection attacks, posing security risks to voice-controlled devices,” the Ben-Gurion researchers noted.

Least administrators get too worked up over the prospects of attack, experts noted that any theoretical exploit would require very specific conditions in which both the watch device and the targeted system were already compromised by the attacker.

“SmartAttack is clever research, but it’s not a fire‑drill for typical enterprises. An attacker must already own the air‑gapped machine and a smartwatch that sits within about twenty feet, then settle for dial‑up‑era speeds. That makes it a boutique tool for espionage scenarios, not a mainstream corporate threat,” explained Victor Wieczorek, senior VP of offensive security at GuidePoint Security.

“The broader lesson is simpler: if a device can record audio, treat it as a potential covert channel and control it accordingly.”

Read More HERE.

Categories: Cybersecurity
Tags:cybersecurityPenetration Testing

GuidePoint Security

The Brick House: Into the Breach — Advanced Penetration Testing Tactics
Register today for a live talk with Gary Brickhouse, CISO at GuidePoint Security, and his panel of TAS and AppSec practitioners focusing on advanced methods for testing the weakest points of your organization’s cybersecurity.
Watch Now

Related Articles

View All

  • Vulnerability Management & Penetration Testing
The Brick House: Into the Breach — Advanced Penetration Testing Tactics
Read More < 1 min read
Penetration Testing Services
Read More 4 min read
  • Blog
Go Beyond Conventional Penetration Testing with a Red Team Assessment
Posted by: GuidePoint Security
Read More 4 min read