Spy On a Wrist: How Smartwatches Can Penetrate “Airgapped” Laptops

There you are in an overstuffed chair at your favorite coffee shop, sipping a vanilla sweet cream cold brew and working on that top secret professional project. But you know your laptop is vulnerable to snoopers through local Wi-Fi, so you “airgap” it – cut it off from networks.

This everyday form of airgapping means keeping your laptop unplugged from a physical internet or ethernet line. You would also disable all but the most basic programs, and turn off your Wi-Fi and Bluetooth. You might also want to arrive with plenty of juice to keep your laptop charged, given that some public USB ports used for charging have been known to be converted into data extractors, or “juice jacking.” (TSA and the FBI warns that this is common at airports).

Are you safe? Probably. But now we know that a person with a smartwatch seated several tables away might still be able to extract some of your data – by pulling it out of the air. All because you forgot to disable your laptop’s audio systems.

This is the finding of Ben-Gurion University researcher Mordechai Guri, who has made a career of finding exploitable weaknesses in computer networks of all kinds. He excels in identifying ways to break into standalone systems, long considered the gold standard in cyber security because they’re not connected to the outside world. Where the rest of us see only air, Dr. Guri observes an invisible world of electromagnetism, optics, vibration, sound, and temperature – all of them potential channels for covertly stealing and transmitting our data.

Now he’s suggesting that the humble smartwatch can take advantage of sound waves to defeat airgapped systems.

But just as no man is an island, no computer is completely, truly airgapped. Dr. Guri writes:
“While smartphones have been extensively studied in the context of ultrasonic covert communication, smartwatches remain largely unexplored. Given their widespread adoption and constant proximity to users, smartwatches present a unique opportunity for covert data exfiltration.”

It isn’t easily done, to be sure, but it’s doable. Here’s what Dr. Guri describes:

• An insider compromises a secured network or device (or your laptop) and installs malware.

 

• A nearby smartwatch has been modified to take advantage of various connectivity capabilities, turning it into a covert listening device. It makes for easy tracking, for example, everything you’re typing into that text editor or spreadsheet.

 

• The malware and the smartwatch connect. Beyond the range of human hearing, the malware transmits its stolen data at ultrasonic frequencies using the computer’s speakers.

 

• Computer and smartwatch can be up to 18 feet apart and still exchange data. That’s more than enough to open the door to compromise an airgapped computer to steal a password in a minute or a 4,096-bit encryption key in about an hour.

 

• The smartwatch decodes the transmission and sends it where it needs to go via its many available connections.

 

• Mission accomplished.

What makes the overlooked smartwatch so effective in this scenario? Pretty much everything about it, says Dr. Guri: “Smartwatches possess several technological features that enable them to receive ultrasonic signals effectively.” These include high-sensitivity microphones, advanced signal processing software, and powerful chips. (Dr. Guri’s personal site is appropriately named covertchannels.com and offers a deep-dive into his extensive research history.)
​
A smartwatch attack is a low-probability event for most people, at least for the moment. But the takeaway is that airgapping is still at best one layer of protection, not a guarantee of perfect security.  

DONATE & HELP US PROTECT YOUR PRIVACY RIGHTS