Creating Wireless Signals with Ethernet Cable to Steal Data from Air-Gapped Systems
A newly discovered data retrieval mechanism uses Ethernet cables as a “transmitting antenna” to secretly retrieve highly sensitive data from airtight systems, according to recent research.
“Interestingly, the cables that came to protect the air gap became vulnerable to the air gap in this attack,” said Dr. Mordechai Guri, head of research and development at the Center for Cybersecurity at Ben Gurion University in the Negev in Israel. told The Hacker News.
Duplicate “LANtenna Attack, “the new technology allows malicious code in computers with air gaps to accumulate sensitive data and then encode it on radio waves emitted by Ethernet cables as if they were antennas. The transmitted signals can then be intercepted by a nearby software-defined radio (SDR). ) receiver wirelessly, decodes the data and sends it to an attacker who is in the next room.
“In particular, malicious code can run in a simple process in user mode and work successfully from a virtual machine,” the researchers note in an accompanying text. paper entitled “LANTENNA: Data Retrieval from Overhead Networks via Ethernet Cables”.
Airtight networks are designed as a network security measure to minimize the risk of information leakage and other cyber threats by ensuring that one or more computers are physically isolated from other networks, such as the Internet or a local area network. They are usually connected because machines that are part of such networks have wireless network interfaces that are permanently disabled or physically removed.
This is not the first time Dr. Guri has demonstrated non-traditional ways to leak sensitive data from computers with air leaks. In February 2020, the security researcher fictional a method that uses small changes in the brightness of the LCD screen that remains invisible to the naked eye to secretly modulate binary information in models similar to the Morse code.
Then in May 2020, Dr. Guri showed how malware can use a computer’s power supply unit (PSU) to reproduce sounds and use it as an extra-band secondary speaker to leak data in an attack called “POWER SUPPLY. ”
Finally, in December 2020, the researcher showed “AIR-FI, “an attack that uses Wi-Fi signals as a hidden channel without requiring Wi-Fi hardware in the target systems.
The LANtenna attack is no different in that it works by using malware in the workstation with air leaks to induce the Ethernet cable to generate electromagnetic radiation in the 125 MHz bands, which are then modulated and intercepted by a nearby radio. . In a demonstration with proof of concept, data transmitted from a computer with an air gap through its Ethernet cable was obtained at a distance of 200 cm from each other.
As a countermeasure, the researchers propose to ban the use of radios in and around airtight networks and to monitor the activity of the network interface card layer for each hidden channel, as well as signal attenuation and the use of metal shielding to limit electromagnetic fields. interference with or emitted by shielded wires.
“This document shows that attackers can use Ethernet cables to filter out data from overhead networks,” the researchers said in the article. “Malware installed on a secure workstation, laptop, or embedded device can cause a variety of network activities that generate electromagnetic emissions from Ethernet cables.”
“Specialized and expensive antennas give a better distance and can reach tens of meters with some cables,” adds Dr. Guri.