Researchers exfiltrate data from air-gapped PCs by analyzing SATA cables
Security researchers have found a way to exfiltrate data from air-gapped networks by eavesdropping on the radio frequencies emitted by SATA cables. The attack, named SATAn, can read approximately one bit of data per second, including from systems without root access and from VMs.
The research was conducted by scientists at Ben-Gurion University of the Negev in Israel. The researchers call their findings SATAn. In the paper, the researchers manage to manipulate a computer within an air-gapped network in such a way that it sends out data via the SATA cable. In practice, the attack method will be difficult to exploit. This is partly because the researchers had to manipulate the victim’s PC itself in order to send data.
For the research, the scientists infected an Ubuntu PC with self-written malware. Their setup assumes that an attacker can gain physical access to a system. For a successful attack, the desktop must use at least a SATA III cable, which has a bandwidth of 6 Gb/s. The cables emit an electromagnetic signal in a frequency band between 5.9995 GHz and 5.9996 GHz. The malware that the researchers put on the target’s PC uses an algorithm to convert information into a signal that then arrives at a receiver. The researchers managed to send the word ‘secret’ and to read and decode it on a laptop with a built-in RF receiver.
According to the researchers, it should also be technically possible to generate the signal not only with read operations but also with write operations, but this has two drawbacks. First, the signal is much weaker, the transmission of information takes much longer and noise sometimes appears in the signal. Second, write operations require more permissions on a target’s PC.
The attack can be performed on systems where a victim only has user rights. It is also possible to carry out the attack from a virtual machine, although the researchers warn that the transfer speed will drop significantly.
The study was conducted by a team led by Mordechai Guri. He has conducted dozens of studies into air-gapped malware and data exfiltration in the past. They all follow roughly the same pattern, but differ in the way in which the data is intercepted. Sometimes this is done through the sound of hard drives or fans, other times by manipulating the lights on routers or the heat of CPUs. Last year Tweakers wrote an article about Guri and his methods.
What is striking about the SATAn study is that the researchers only describe how they can read information that they sent themselves. Some of Guri’s other studies looked specifically at how, for example, passwords or other information could be read from secure enclaves, but that is not the case here.
SATAn also has some other limitations. For example, the laptop with the radio receiver cannot be too far from the infected laptop, because too much noise then enters the signal. The researchers speak of a maximum of 1.2 metres. The further away the laptop is within that distance, the worse the signal becomes. Heavy use of the PC’s hardware could also affect the signal that can be read.