"New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals"
Researchers at Ben-Gurion University of the Negev have discovered a new method for leaking information and jumping over air-gaps. The method involves Serial Advanced Technology Attachment (SATA) or Serial ATA cables as a communication medium, thus adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated for data theft. Despite the lack of wireless connectivity in air-gap computers, the researchers demonstrated that attackers could use the SATA cable as a wireless antenna to transfer radio signals in the 6GHz frequency band, according to Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center at the Ben-Gurion University of the Negev. The SATAn technique takes advantage of the computer bus interface's widespread use, making it highly accessible to attackers in a wide range of computer systems and IT environments. The goal is to use the SATA cable as a covert channel to emit electromagnetic signals and wirelessly transfer a small amount of sensitive data from highly secured, air-gapped computers to a receiver more than 1m away. An air-gapped network is one that is physically isolated from other networks to improve security. Air-gapping is regarded as a critical safeguard for high-value systems that are of great interest to espionage-motivated threat actors. Attacks on critical mission-control systems have increased in number and sophistication in recent years, as evidenced by the recent cases of Industroyer 2 and PIPEDREAM (aka INCONTROLLER). Dr. Guri is no stranger to developing novel methods to extract sensitive data from offline networks, having devised four different approaches since the beginning of 2020 that use various side-channels to steal information. These methods include BRIGHTNESS (LCD screen brightness), POWER-SUPPLaY (power supply unit), AIR-FI (Wi-Fi signals), and LANtenna (Ethernet cables). Compromising an air-gapped network requires more complex strategies such as a supply chain attack, the use of removable media (e.g., USBStealer and USBFerry), or rogue insiders to plant malware. This article continues to discuss the new air-gap attack involving SATA cables.
THN reports "New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals"