SoylentNews

Arthur T Knackerbracket has processed the following story:

The percentage of women in the semiconductor industry is stubbornly low. According to a report released in April, 51 percent of companies report having less than 20 percent of their technical roles filled by women. At the same time, fewer of these companies were publicly committed to equal opportunity measures in 2024 than the year prior, the same report found.

This lack of support comes at the same time that major workforce shortages are expected, says Andrea Mohamed, COO and co-founder of QuantumBloom, which helps companies attract, retain, and advance early career women in STEM. The company focuses on the transition from higher education to the workforce, a critical point during which many women leave STEM.

[...] I understand the pressures that companies are facing around anything that's related to DEI. We need to change the conversation from DEI to talent management. This is retention and avoiding turnover costs. This is about needing every available brilliant mind in the United States that wants to be in semiconductors. We have offshored this industry for so long. Other countries have existing talent bases. We have to build it.

So there are semantics in all of this, but it's not just relabeling. This is about business. You are not going to be able to compete on a global stage in the United States if you are not finding ways to attract and retain new communities of workers, and women are one of those communities. That means understanding what women need from their employer, because if you do not provide it, they will go somewhere else that does. The concern by companies about, if they run a program like QuantumBloom, does that create a risk? It's the wrong question about risk. Your big risk is that your fab is empty, because you can't find workers and retain them.

In other industries, there are organizations that are very intentional about attracting and retaining their youngest talent. They are dedicating resources to investing in them, which is very rare - most organizations invest more the higher up you go. Really, we need to be thinking about flipping that script and investing more sooner.

upstart writes:

Starship 36 was preparing for 10th test flight from Texas when it underwent 'catastrophic failure' while on stand:

Starship 36 was preparing for 10th test flight from Texas when it underwent 'catastrophic failure' while on stand

[...] SpaceX said the rocket was preparing for the 10th flight test when it "experienced a major anomaly while on a test stand at Starbase", without elaborating on the nature of the complication.

[...] The Starship explosion occurred during a "routine static fire test", according to the Cameron County authorities.

During a static fire, part of the procedures preceding a launch, the Starship's Super Heavy booster would be anchored to the ground to prevent it from lifting off during the test firing.

[...] At 123 metres high (403ft), Starship is the world's largest and most powerful rocket and central to Musk's long-term vision of colonising Mars.

The Starship is billed as a fully reusable rocket with a payload capacity of up to 150 metric tonnes.

[...] The previous two outings also ended poorly, with the upper stage disintegrating over the Caribbean.

The failures will probably do little to dent Musk's space ambitions.

SpaceX has been betting that its "fail fast, learn fast" ethos, which has helped it dominate commercial spaceflight, will eventually pay off.

The company has caught the Super Heavy booster in the launch tower's giant robotic arms three times – a daring engineering feat it sees as being key to rapid reusability and slashing costs.

Nasa is increasingly relying on SpaceX, whose Dragon spacecraft is used to ferry astronauts to and from the International Space Station.

Original Submission

Arthur T Knackerbracket has processed the following story:

The LibreOffice project is preparing to cut some Windows support - and encourages users to switch to Linux.

The Document Foundation, the organization that backs and guides development of LibreOffice since Oracle dropped the ball, has a strong point of view about the future. Some of it is very visible, in a blog post about the looming end of Windows 10, but some is buried in the development notes about the work-in-progress next version, which will be LibreOffice 25.8.

The title of the blog post is self-explanatory. The end of Windows 10 is approaching, so it's time to consider Linux and LibreOffice. They're right. The post also links to the KDE-backed End of 10 campaign, which we covered a month ago. That site's list of places to go for help has been improved with a zoomable world map, but we feel it still badly needs some kind of hierarchical organization.

The blog also links to Distro Chooser, which is a noble idea, but with flawed execution. This site leads you through a set of questions and then recommends what Linux distributions might suit you. We found the presentation of the results overwhelming, though. It seems to be a list of all the candidates, color-coded according to how good a match they are. The Reg FOSS desk generally feels that "Less is more," and here, just distilling the results down to, say, a top three would far be more helpful.

We are sure that some people will dismiss any and all Linux distros as being inferior, just as they do of LibreOffice itself. That's not the point. The point is that it is a free alternative. You get the reward of breaking free of paid-for software you don't own.

Oracle washed its hands of OpenOffice and then dumped it on the Apache Foundation more than a decade ago.

OpenOffice does officially still exist but there hasn't been a new release in a couple of years, and we recommend avoiding it. LibreOffice is a direct in-place upgrade and will open the same files.

PiMuNu writes:

From:
https://www.bbc.co.uk/news/articles/cq8zxx9kk0ko

Two breakthrough Alzheimer's drugs have been deemed far too expensive, for too little benefit, to be offered on the NHS. The medicines are the first to slow the disease, which may give people extra time living independently.

The National Institute for Health and Care Excellence (NICE) concluded they were a poor use of taxpayers' money and said funding them could lead to other services being cut. Campaigners say it is a disappointment, but other dementia experts have also supported the decision.

The two drugs, donanemab and lecanemab, both help the body clear a gungy protein that builds up in the brains of people with Alzheimer's disease.

[...] The official price in the US is £20,000-£25,000 per patient per year. What the NHS would pay is confidential.

Around 70,000 people in England with mild dementia would have been eligible, potentially putting the bill in the region of £1.5bn a year for the drugs alone.

NHS resources, including infusing the drugs every two-to-four weeks and frequent brain scans to manage dangerous side effects, would also massively ramp up the cost.

Original Submission

fliptop writes:

From New York to California, state renewable electrical power dreams are collapsing. Power demands soar, while the federal government cuts funding and support for wind, solar, and grid batteries. Renewables cannot provide enough power to support the artificial intelligence revolution. The Net Zero electricity transition is failing in the United States:

For the last two decades, state governments have embraced policies aimed at replacing coal and natural gas power plants with renewable sources. Twenty-three states enacted laws or executive orders to move to 100% Net Zero electricity by 2050. Onshore and offshore wind, utility-scale and rooftop solar, and grid-scale batteries were heavily promoted by states and most federal administrations.

The New York State Climate Action Scoping Plan [PDF] of 2022 called for 70% renewable electricity by 2030 and 100% by 2040. But 49.7% of the state's electricity came from gas in 2024, up from 47.7% in 2023. A January executive order issued by President Trump halted federal leases for construction of offshore wind systems. New York, nine other east coast states, and California were counting on offshore wind in efforts to get to 100% renewable electricity, but new offshore wind projects are now halted.

Wind and solar have benefited from federal tax credits, loans, and outright grants since 1992. But the Trump administration is now working to slash federal government support for these technologies. The One Big Beautiful Bill Act (OBBB) passed the House of Representatives on May 22. The bill eliminates Production Tax Credits and Investment Tax Credits for renewable systems that begin construction later than 60 days after passage of the bill or for projects that do not complete construction by year end 2028. The bill also halts the sale of tax credits from renewable projects. If the Senate passes the bill, these measures will choke off green energy projects that have relied on federal funding for decades.

[...] Along with federal cutbacks, the artificial intelligence (AI) revolution now drives the nation's power system, interrupting the renewable electricity transition. Microsoft, Meta, Google, Amazon, and other giant firms are building new data centers and upgrading existing data centers to power AI. AI processors run 24-hours a day for months to enable computers to think like humans. When servers are upgraded to support AI, they consume 6 to 10 times more power than when used for cloud storage and the internet. Data centers consumed 4% of US electricity at the start of 2024 but are projected to consume 20% within the next decade.

[...] In December, the North American Electric Reliability Corporation concluded [PDF] that that over half of North America risks power shortfalls in the next decade from surging demand and coal and gas plant retirements. Grid operators are now stepping back from the transition to wind and solar. Coal-fired power plant closures have been postponed in Georgia, Indiana, Illinois, Tennessee, Utah, West Virginia, and other states. Nuclear plants are being restarted in Michigan and Pennsylvania. But the big winner will be natural gas.

More than 200 gas plants are planned or under construction. Gas facilities can be brought online in about three years, compared to ten years for nuclear plants. Gas plants can be built near cities, often on former power plant sites, and require fewer new transmission lines than needed by wind and solar systems.

TFA talks about BYOP (bring your own power) trends for AI and the perils of using lithium batteries for storing wind and solar generated energy.

Related:

• We did the Math on AI's Energy Footprint. Here's the Story you Haven't Heard.
• AWS Claims That Britain Needs More Nuclear Power for AI Datacenters
• PA's Largest Coal Plant to Become 4.5GW Gas-Fired AI Hub

Original Submission

PiMuNu writes:

Physics reports that Fermilab's g-2 collaboration has now published its final result.

https://physics.aps.org/articles/v18/116

After measuring the wobbles of 300 billion muons, the Muon g − 2 Collaboration has pinpointed with exquisite precision the internal magnetism of these subatomic particles. The muon's magnetic strength, or moment, has animated particle physics research over the past two decades, as experiment and theory appeared to disagree over its value—raising a flag for possible new physics. In a somewhat surprising turn of events, the final results from the Muon g − 2 experiment line up with the most recent predictions, further validating the standard model of particle physics.

The muon—the heavy cousin to the electron—started to grab the particle-physics spotlight in the 1990s when an experiment at Brookhaven National Laboratory in New York reported the first hints that the muon's magnetic behavior might not match predictions based on the standard model, which has otherwise been widely successful in explaining the subatomic world. The Brookhaven measurements involved magnetically trapping muons in a circular ring and observing how much their internal magnet, or "spin," wobbled around an applied magnetic field. To further investigate this discrepancy, the experiment's big magnet was moved cross-country in 2013 to Fermi National Laboratory (Fermilab) in Illinois. The first results from the transplanted Muon g − 2 experiment came out in 2021, showing good agreement with the Brookhaven findings and raising the significance of the discrepancy (see Viewpoint: Muon's Escalating Challenge to the Standard Model).

The discrepancy has apparently been resolved following improvements to the theoretical estimate for g-2. The Standard Model of Particle Physics - disappointingly for particle physicists - still stands as an entirely accurate prediction of almost all of subatomic physics (the exception being neutrino oscillations https://en.wikipedia.org/wiki/Neutrino_oscillation ).

Preprint paper:
http://arxiv.org/abs/2506.03069

Previously:
    • g-2 Releases New Data
    • Making Sense of the Muon's Misdemeanours
    • Muon G-2 Experiment Hints at Mysterious New Physics
    • Latest Muon Measurements Hint at Cracks in the Standard Model
    • The Cloak-and-Dagger Tale Behind This Year's Most Anticipated Result in Particle Physics
    • Precision Measurements of the Standard Model

Original Submission

cereal_burpist writes:

Welcome to the 'infinite workday' of 8 p.m. meetings and constant messages

While probably not news to many Soylentils, it's interesting to me that this comes from (a Big-Bad-Corp like) Microsoft. Will they, or any companies, implement changes based on these findings? [endless laughter]

Workers are struggling to cope with a "seemingly infinite workday," involving an increasing load of meetings scheduled at 8 p.m. or later and a near-constant stream of interruptions, according to new research by Microsoft. The company analyzed data from users of Microsoft 365 services... globally between mid-January and mid-February. It found that the number of meetings booked between 8 p.m. and just before midnight had risen 16% compared with last year. Geographically dispersed teams, as well as those with flexible working arrangements, were responsible for much of that increase.

"The infinite workday... starts early, mostly in email, and quickly swells to a focus-sapping flood of messages, meetings, and interruptions," Microsoft said in a report Tuesday.

The company found that the average worker is interrupted every two minutes by a meeting, an email or a chat notification during a standard eight-hour shift — adding up to 275 times a day.

And those messages don't stop after they've clocked off. During the study period, the average employee sent or received 58 instant messages outside of their core working hours — a jump of 15% from last year.

The typical worker also receives 117 emails per day and, by 10 p.m., almost one-third of employees are back in their inboxes, "pointing to a steady rise in after-hours activity," Microsoft noted.

[...] "It's the professional equivalent of needing to assemble a bike before every ride. Too much energy is spent organizing chaos before meaningful work can begin," it added.

[...] One outcome is that one-third of workers feel it has been "impossible to keep up" with the pace of work over the past five years, according to a Microsoft-commissioned survey of 31,000 employees around the world, cited in the Tuesday report.

Original Submission

An Anonymous Coward writes:

https://www.wsj.com/health/wellness/marijuana-to-treat-autism-some-parents-say-yes-1d9a3ad1
https://archive.ph/ZK2KH

Marijuana is becoming easier to get in many states, and one group showing interest might surprise you: parents of children with autism.
In online and support groups, families swap tips and share experiences—even though the science is still inconclusive. Most doctors don't prescribe cannabis and usually advise against it.

But the few who do say demand is rising. Dr. Mohsin Maqbool, a pediatric neurologist in Plano, Texas, says about a third of his patients are children with autism and about 40% of them treated with cannabis.

He prescribes a combination of THC, the main psychoactive component of marijuana, and CBD, another part of the cannabis plant that doesn't produce a high and can counteract some of the impact of THC.

While medical marijuana is prescribed for everything from cancer symptoms to epilepsy to chronic pain and even dementia, its use in children with autism is more controversial.

After all, we know regular use of THC in adolescents can negatively impact their developing brains and lead to a higher risk of mental-health problems.

But recreational and medical use of marijuana are quite different. These patients aren't getting high—their families and doctors are intentionally avoiding that by strictly regulating and individualizing the dose.
And the parents of children with autism are often desperate to try something to help treat their children for a neurodevelopmental condition that has no definitive cause. They say cannabis is no more risky than the other medications they've tried unsuccessfully, often with many side effects.

Take Marlo Jeffrey, a nurse practitioner who lives outside Dallas. She says she has tried countless medications for her son, Jaiden Gaut. He is an 11-year-old who was diagnosed with ADHD and high-functioning autism when he was 5. His symptoms include anger and aggression, sometimes escalating to self-harm and violence.

Jeffrey took her son to see Dr. Maqbool last fall. Jaiden started THC/CBD gummies, escalated his dose over a month, until he got up to 7.5 milligrams of THC and CBD each a day.

"His behavior improved a lot during that time," says Jeffrey. Jaiden was able to stop taking another medication that had caused him to gain a lot of weight. His physical aggression and cursing improved. He stopped using repetitive words as much and his thinking became more flexible. Since then, he has transitioned to a mainstream school and his grades have gone up.

But anecdotal success doesn't equate to scientific validation. Many doctors aren't yet convinced cannabis is a safe and effective treatment. Groups like the American Academy of Child & Adolescent Psychiatry warn against treating autistic children with cannabis. The Autism Science Foundation says parents should be "very cautious about giving THC to their children" and more research needs to be done on CBD. Some researchers and doctors say CBD shows promising signs as a treatment for autism but are wary of THC.

Most CBD consists of trace amounts of THC. Dr. Doris Trauner, neuroscience professor at the UC San Diego School of Medicine, says she has had patients whose CBD from dispensaries had higher-than-expected concentrations of THC, and they ended up experiencing worse behavior. "Children became aggressive, some almost psychotic," she says. "That's not across the board, of course. But I do think that a lot of physicians would be concerned about using high amounts of THC."

owl writes:

https://arstechnica.com/gadgets/2025/06/reddit-user-surprised-when-1960s-computer-panel-emerged-from-collapsed-family-garage/

Recently, a Reddit user discovered a rare RCA Spectra 70/35 computer control panel from 1966 in their family's old collapsed garage, posting photos of the pre-moon landing mainframe component to the "retrobattlestations" subreddit that celebrates vintage computers. After cleaning the panel and fixing most keyswitches, the original poster noted that actually running it would require "1,500lbs of mainframe"—the rest of the computer system that's missing.

As it turns out, the panel had been sitting in the garage for decades without the poster's knowledge. "In short my house is a two-family, my dad used to rent out the other half before I was born," explained SonOfADeadMeme in the thread on Friday. "One of the people who rented out the apartment worked at IBM (apparently the RCA Spectra 70's were compatible with IBM sets from the time) and shortly before he left he shown [sic] up with a forklift and left something in the garage."

Original Submission

upstart writes:

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction:

A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot's context sans any user interaction.

The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has been already addressed by Microsoft. There is no evidence that the shortcoming was exploited maliciously in the wild.

"AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network," the company said in an advisory released Wednesday. It has since been added to Microsoft's Patch Tuesday list for June 2025, taking the total number of fixed flaws to 68.

Aim Security, which discovered and reported the issue, said it's instance of a large language model (LLM) Scope Violation that paves the way for indirect prompt injection, leading to unintended behavior.

LLM Scope Violation occurs when an attacker's instructions embedded in untrusted content, e.g., an email sent from outside an organization, successfully tricks the AI system into accessing and processing privileged internal data without explicit user intent or interaction.

"The chains allow attackers to automatically exfiltrate sensitive and proprietary information from M365 Copilot context, without the user's awareness, or relying on any specific victim behavior," the Israeli cybersecurity company said. "The result is achieved despite M365 Copilot's interface being open only to organization employees."

In EchoLeak's case, the attacker embeds a malicious prompt payload inside markdown-formatted content, like an email, which is then parsed by the AI system's retrieval-augmented generation (RAG) engine. The payload silently triggers the LLM to extract and return private information from the user's current context.

[...] "The attack results in allowing the attacker to exfiltrate the most sensitive data from the current LLM context - and the LLM is being used against itself in making sure that the MOST sensitive data from the LLM context is being leaked, does not rely on specific user behavior, and can be executed both in single-turn conversations and multi-turn conversations."

EchoLeak is especially dangerous because it exploits how Copilot retrieves and ranks data – using internal document access privileges – which attackers can influence indirectly via payload prompts embedded in seemingly benign sources like meeting notes or email chains.

Original Submission

Motor Trend is running a piece on the latest Honda introduction,
https://www.motortrend.com/news/honda-fastport-equad-electric-delivery-quadricycle-first-look-review

As well as being narrow enough to (just) fit in bike lanes, it also has swap-able batteries so delivery-drivers won't need to wait for a charge. The illustration shows a stripped down four wheel vehicle with partial driver enclosure and a large cargo box on back. Sort of an update on the three-wheel pedicab, and this does have pedals which increase the range a bit if the driver uses them.

Top speed quoted as 12 mph, which should be fast enough to keep up with most of the traffic in NYC and other high density cities around the world. If this was used for in-city delivery instead of full-sized ICE vehicles it could make a significant reduction in congestion, to say nothing of ICE pollution.

First thought is that this is filling the gap between current electric cargo bikes and traditional delivery vehicles.

Original Submission

Arthur T Knackerbracket has processed the following story:

The Stern-Gerlach experiment is, in my opinion, truly the first test that forced the results of quantum mechanics onto the scientific community. Proposed by Otto Stern and conducted by Walther Gerlach in 1922, it showed that atoms have a quantum structure. Electrons, it turned out, must follow quantum rules. The Stern-Gerlach experiment also highlights a weird feature of the quantum world: it seems that the observer can determine the possible properties a particle can have. If I measure a quantum property known as spin, the fact the measurement happened seems to change the possible values of spin a particle can have later. In other words, whether a particle was observed or not determines its future.

In physics, we are socialised to the idea that we are outside of the physical system, watching it. In this experiment, suddenly we aren’t. In my experience, students initially absorb this as a fact they must accept. Only after being forced to think about it a few times do they realise it isn’t consistent with their sensibilities about how reality works. Accepting the results is a surreal experience. Wonderfully surreal.

When I sat down and thought about how to communicate what it is like to watch the demise of US science in real time, “surreal” is the word that came to mind. It isn’t the same kind of surreal as Stern-Gerlach, which feels like being re-introduced to reality – although you realise you had been living with a false sense of the world before, the new one is cool and exciting, so that’s all right.

Our current political moment instead feels like realising that we had been living with a false sense of security – that US science and government support for it would be there tomorrow – but without a cool new reality on the other side. Instead, the US government is dispensing with publicly funded culture, throwing it into a black hole. I don’t make that metaphor lightly; I think it’s important. When an object crosses a black hole’s event horizon, it is the point of no return. The object can’t go back.

We are in the same situation. While the universe will still be there to be understood, the damage to our capacity for research will be long lasting and the alteration to our trajectory permanent. Already, a generation of master’s and PhD students has had the number of available slots reduced. Aspiring professors aren’t being trained in the same numbers; this affects not just future scientists but science communicators, too.

[...] This surreal moment isn’t just happening to US-based scientists and the US public. Because so much of the science we all read about comes from the US, it’s happening to you, too.

Original Submission

fliptop writes:

With this week's release of Android 16, Google added a new security feature to Android, called Advanced Protection. At-risk people—like journalists, activists, or politicians—should consider turning on. Here's what it does, and how to decide if it's a good fit for your security needs:

To get some confusing naming schemes clarified at the start: Advanced Protection is an extension of Google's Advanced Protection Program, which protects your Google account from phishing and harmful downloads, and is not to be confused with Apple's Advanced Data Protection, which enables end-to-end encryption for most data in iCloud. Instead, Google's Advanced Protection is more comparable to the iPhone's Lockdown Mode, Apple's solution to protecting high risk people from specific types of digital threats on Apple devices.

Advanced Protection for Android is meant to provide stronger security by: enabling certain features that aren't on by default, disabling the ability to turn off features that are enabled by default, and adding new security features. Put together, this suite of features is designed to isolate data where possible, and reduce the chances of interacting with unsecure websites and unknown individuals.

[...] It's also worth considering that enabling Advanced Protection may impact how you use your device. For example, Advanced Protection disables the JavaScript optimizer in Chrome, which may break some websites, and since Advanced Protection blocks unknown apps, you won't be able to side-load. There's also the chance that some of the call screening and scam detection features may misfire and flag legitimate calls.

TFA gives instructions on how to enable and disable Advanced Protection.

Related: Apple's New Lockdown Mode for iPhone Fights Hacking

Original Submission

hubie writes:

Previous associations seen between fitness and a reduced risk of premature death from various diseases have probably been misleading:

Many observational studies have shown that people who exercise more and have good cardiorespiratory fitness early in life are at lower risk of premature death from causes such as cancer and cardiovascular disease. However, a new study published in the European Journal of Preventive Cardiology suggests that the association between physical fitness and a reduced risk of mortality may be misleading.

"We found that people with high fitness levels in late adolescence had a lower risk of dying prematurely, for example from cardiovascular disease, compared to those with low fitness levels. But when we looked at their risk of dying in random accidents, we found an almost similarly strong association. This suggests that people with high and low fitness levels may differ in other important ways, which is something that previous studies have not fully taken into account," says Marcel Ballin, associated researcher in epidemiology and lead author of the study.

[...] The researchers started with a traditional analysis of mortality from cardiovascular disease, cancer and from all causes, as in previous observational studies. They adjusted their statistical models for factors such as BMI, age at conscription, year of conscription, and parents' income and education level. The results showed that the group with the highest fitness level had a 58 per cent lower risk of dying from cardiovascular disease, a 31 per cent lower risk of dying from cancer, and a 53 per cent lower risk of dying from all causes, compared with the group with the lowest fitness level.

Next, the researchers examined how fitness was associated with the risk of dying in random accidents such as car accidents, drownings and homicides. They chose random accidents because they assumed that there ought to be no association between the men's fitness in late adolescence and the risk of dying in random accidents. This method is called negative control outcome analysis and involves testing the validity of your results for a primary outcome by comparing them with an outcome where no association ought to be found. If, however, an association is found, it may indicate that the groups studied are not actually comparable, and that the study suffers from what is typically referred to as confounding. The researchers found that men with the highest fitness levels had a 53 per cent lower risk of dying in random accidents. Yet, it is unlikely that the men's fitness would have such a big effect on their risk of dying in random accidents.

hubie writes:

A new attack dubbed 'SmartAttack' uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems:

Air-gapped systems, commonly deployed in mission-critical environments such as government facilities, weapons platforms, and nuclear power plants, are physically isolated from external networks to prevent malware infections and data theft.

Despite this isolation, they remain vulnerable to compromise through insider threats such as rogue employees using USB drives or state-sponsored supply chain attacks.

Once infiltrated, malware can operate covertly, using stealthy techniques to modulate the physical characteristics of hardware components to transmit sensitive data to a nearby receiver without interfering with the system's regular operations.

SmartAttack was devised by Israeli university researchers led by Mordechai Guri, a specialist in the field of covert attack channels who previously presented methods to leak data using LCD screen noise, RAM modulation, network card LEDs, USB drive RF signals, SATA cables, and power supplies.

While attacks on air-gapped environments are, in many cases, theoretical and extremely difficult to achieve, they still present interesting and novel approaches to exfiltrate data.

SmartAttack requires malware to somehow infect an air-gapped computer to gather sensitive information such as keystrokes, encryption keys, and credentials. It can then use the computer's built-in speaker to emit ultrasonic signals to the environment.

By using a binary frequency shift keying (B-FSK), the audio signal frequencies can be modulated to represent binary data, aka ones and zeroes. A frequency of 18.5 kHz represents "0," while 19.5 kHz denotes "1."

Frequencies at this range are inaudible to humans, but they can still be caught by a smartwatch microphone worn by a person nearby.

The sound monitoring app in the smartwatch applies signal processing techniques to detect frequency shifts and demodulate the encoded signal, while integrity tests can also be applied.

The final exfiltration of the data can take place via Wi-Fi, Bluetooth, or cellular connectivity.

The smartwatch can either be purposefully equipped with this tool by a rogue employee, or outsiders may infect it without the wearer's knowledge.

[...] The researchers say the best way to counter the SmartAttack is to prohibit using smartwatches in secure environments.

Another measure would be to remove in-built speakers from air-gapped machines. This would eliminate the attack surface for all acoustic covert channels, not just SmartAttack.

If none of this is feasible, ultrasonic jamming through the emission of broadband noise, software-based firewalls, and audio-gapping could still prove effective.

Original Submission