Researchers at Ben-Gurion University of the Negev in Israel have demonstrated how seemingly harmless smartwatches can be used as a covert data exfiltration tool.
Using ultrasonic signals, the team has demonstrated how the popular wearable technology can be used to siphon sensitive information from even the most secure air-gapped systems.
In a preprint paper published on arXiv, Dr. Mordechai Guri, head of the Offensive Cyber Research Lab at Ben-Gurion University, unveiled a technique dubbed “SmartAttack.” This technique exposes a chilling vulnerability that could turn ordinary smartwatches into tools of corporate espionage or state-sponsored surveillance, potentially disrupting the security of high-profile institutions.
“Through experimental validation, we assess the feasibility of this attack under varying environmental conditions, distances, orientations, and noise levels,” Dr. Guri writes. “Our findings highlight the security risks posed by smartwatches in high-security environments.”
Air-gapped systems—computers or networks physically isolated from unsecured connections—have long been considered the gold standard for protecting critical data.
These systems are typically deployed in environments where security is paramount, such as military installations, nuclear facilities, and financial institutions. However, as research shows, physical separation alone is no longer guaranteed against intrusion.
In his recent study, Dr. Guri explored how smartwatches, worn innocuously on the wrist, can act as silent receivers of ultrasonic data transmissions. Using the built-in microphones in these devices, attackers can capture inaudible signals (between 18 and 22 kHz) emitted by a compromised computer’s speakers. These signals can encode sensitive information such as passwords, encryption keys, and confidential files, which the smartwatch then decodes and transmits to an attacker—bypassing conventional security measures entirely.
Unlike smartphones, which may be subject to security screening or physical checks in high-security zones, Dr. Guri points out that smartwatches “are designed for continuous wear, allowing them to be discreetly carried into various environments, including secured or air-gapped systems.” Their constant presence on the wrist, proximity to computers, and seamless integration into daily life make them ideal tools for this type of covert communication.
Dr. Guri tested the feasibility of SmartAttack under various conditions, including different distances, orientations, and environmental noise levels. The experiments revealed that data could be reliably exfiltrated at distances exceeding 20 feet, with bit rates up to 50 bits per second. However, they noted that lower bit rates, such as 5 bits per second, offered greater stability and accuracy over longer distances.
One key factor influencing the attack’s success is the position of the smartwatch relative to the transmitting computer. The study found that signal reception was strongest when the smartwatch had a direct line of sight to the computer’s speaker, particularly at angles where the body did not obstruct the signal.
For example, reception quality significantly improved when the smartwatch faced the computer directly or was oriented at certain angles (such as 90° or 225° relative to the speaker). In contrast, positions where the body or clothing blocked the signal led to greater attenuation and degradation.
The study also examined the effectiveness of different types of speakers used as transmitters. With built-in amplifiers, active speakers were the most reliable for sending ultrasonic signals over long distances, maintaining high signal-to-noise ratios (SNR) even up to 30 feet.
While more limited in power, laptop speakers still proved effective at short to medium ranges. On the other hand, passive speakers exhibited significant signal degradation beyond 20 feet, making them less suitable for long-range covert communication.
While ultrasonic hacking might sound like science fiction, the underlying technology is based on well-established principles. Ultrasonic covert channels have been studied for years, with earlier work focusing on smartphones as both transmitters and receivers. However, SmartAttack demonstrates a shift toward exploiting wearables that users are less likely to suspect or scrutinize.
Hackers could exploit supply chain attacks to transform unsuspecting smartwatch users into unwitting spies by compromising devices before reaching consumers.
In such attacks, malicious actors infiltrate smartwatch vendors’ manufacturing, distribution, or software update processes, embedding malware deep within the device’s firmware or pre-installed apps.
Once the smartwatch is used, the malware remains dormant until it detects specific triggers—such as proximity to a secure computer or an air-gapped system.
At that point, the infected smartwatch could silently activate its microphone to capture covert ultrasonic transmissions or other sensitive data, relaying it to the attacker via Wi-Fi, Bluetooth, or cellular connections. The user, unaware that their wearable has been weaponized, unknowingly carries an espionage tool into highly secure environments.
Traditional defenses, such as firewalls, intrusion detection systems, and endpoint security tools, provide no protection against acoustic-based data leaks. As Dr. Guri’s research reveals, even the most stringent cybersecurity measures can be compromised by the presence of a single smartwatch.”
Dr. Guri suggests several mitigation strategies to address the threat. These include restricting or banning audio-capable wearables in sensitive areas, deploying ultrasonic monitoring systems to detect unauthorized transmissions, or introducing ultrasonic jamming to disrupt potential covert channels.
However, each of these solutions comes with trade-offs. For instance, ultrasonic jamming could interfere with legitimate devices and applications that rely on ultrasonic signals.
The only foolproof defense is “audio-gapping,” which involves physically disabling or removing microphones and speakers in highly secure environments. This is the only truly effective way to eliminate the risk of covert acoustic-based spying.
As technology continues to evolve and wearable smart devices become increasingly integrated into our daily routines, this study’s findings serve as a sobering reminder of the hidden risks associated with convenience. The implications of this research are far-reaching, potentially reshaping the way we approach cybersecurity in high-security environments.
Ultimately, the smartwatch on your wrist may do more than track your steps or notify you of emails—it could also turn you into an unexpected cyber spy.
Tim McMillan is a retired law enforcement executive, investigative reporter and co-founder of The Debrief. His writing typically focuses on defense, national security, the Intelligence Community and topics related to psychology. You can follow Tim on Twitter: @LtTimMcMillan. Tim can be reached by email: tim@thedebrief.org or through encrypted email: LtTimMcMillan@protonmail.com