Home Electromagnetic Creating wireless signals with an Ethernet cable to steal data from air gap systems

Creating wireless signals with an Ethernet cable to steal data from air gap systems



According to the latest research, a recently discovered data exfiltration mechanism uses Ethernet cables as a “transmit antenna” to stealthily siphon highly sensitive data from isolated systems.

“It is interesting to note that the wires that came to protect the air gap become the vulnerability of the air gap in this attack,” Dr Mordechai Guri, head of R&D at the Cybersecurity Research Center of Ben Gurion University of Negev in Israel, The Hacker News reported.

Nicknamed “LANtenna attack“, the new technique allows malicious code in isolated computers to collect sensitive data, then encode it over radio waves emanating from Ethernet cables as if they were antennas. The transmitted signals can then be intercepted by a wireless nearby software-defined radio (SDR), decode the data and send it to an attacker who is in an adjacent room.

Notably, malicious code can run in an ordinary user mode process and operate successfully from a virtual machine, the researchers noted in a companion article titled, “LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables ”.

Automatic GitHub backups

Isolated networks are designed as a network security measure to minimize the risk of information leakage and other cyber threats by ensuring that one or more computers are physically isolated from other networks, such as the Internet or a local area network. They are usually wired because the machines that are part of these networks have their wireless network interfaces permanently disabled or physically removed.

This is far from the first time that Dr Guri has demonstrated unconventional ways of disclosing sensitive data from isolated computers. In February 2020, the security researcher devised a method that uses small changes in the brightness of the LCD screen, which remains invisible to the naked eye, to secretly modulate the binary information into Morse-like patterns.

Then, in May 2020, Dr Guri showed how malware could exploit a computer’s power supply unit (PSU) to play sound and use it as an out-of-band secondary speaker to leak data during ‘an attack called “POWER-SUPPLaY”.

Finally, in December 2020, the researcher introduced “AIR-FI”, an attack that exploits Wi-Fi signals as a secret channel without requiring the presence of Wi-Fi hardware on the targeted systems.

Corporate password management

The LANtenna attack is no different in that it works by using malware in the airspace workstation to trick the Ethernet cable into generating electromagnetic emissions in the 125 MHz frequency bands which are then modulated and intercepted by a nearby radio receiver. In a proof-of-concept demonstration, data transmitted from an isolated computer via its Ethernet cable was received at a distance of 200 cm.

As countermeasures, the researchers propose to prohibit the use of radio receivers in and around vacuum networks and to monitor the activity of the network interface card link layer for any hidden channels, as well as to jam signals and use a metal shield to limit electromagnetic fields from interfering with or emanating from the shielded wires.

“This article shows that attackers can exploit Ethernet cables to exfiltrate data from isolated networks,” the researchers said in the article. “Malware installed on a secure workstation, laptop or integrated device can invoke various network activities that generate electromagnetic emissions from Ethernet cables. “

“Dedicated and expensive antennas provide better distance and could reach tens of meters with some cables,” Dr Guri added.