Now Mordechai Guri, a cybersecurity researcher at Ben-Gurion University in Israel, has found another way: to use the SATA cables inside a computer as wireless aerials to broadcast information via radio waves.

A SATA cable connects a motherboard data bus to a mass storage device such as a solid-state drive, optical drive or hard disc drive. The cables are a few centimeters long and most operate at a frequency of 6 Gb/sec. Guri’s idea is to modulate the transmission of information along the cable in a way that generates radio signals that can be picked up nearby by equipment monitoring 6 GHz radio frequencies.

“The SATA interface is highly available to attackers in many computers, devices, and networking environments,” he says.

To test the idea, Guri wrote code capable of creating these signals and uploaded it to an air-gapped desktop PC. This code caused the computer’s SATA cable to broadcast data at a rate of about 1 bit/sec. He then used a laptop placed about a meter away to monitor transmissions in the 6 GHz band, decoding the word “SECRET” from the illicit broadcasts.

“We show that attackers can exploit the SATA cable as an antenna to transfer radio signals in the 6 GHz frequency band,” says Guri. Guri also showed that the attack can be carried out from within a guest virtual machine, making it much more capable.

He goes on to outline various countermeasures to prevent this kind of attack. “Preventing the initial penetration is the first step that should be taken as a preventive countermeasure,” he says.

Ensuring there are no devices nearby capable of recording signals is also a sensible measure that is currently used in NATO and US secure facilities. It should also be possible to create code that monitors any unusual activity related to the SATA cables. Another option is to monitor the 6 GHz frequency, looking for unexpected broadcasts, or even to jam those frequencies.

Guri does not mention any evidence that attacks like this have been used in the real world (although that doesn’t guarantee they haven’t). However, cybersecurity researchers often publish new exploits like this so that countermeasures can be quickly adopted in facilities that might be vulnerable (even though publication also reveals how to conduct the exploit in the first place).

Ref: SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables : /abs/2207.

Where’s a Faraday cage when you need one?

Attackers can compromise computers that have no internet connectivity and steal their data through memory operations and WiFi receivers, a security researcher at Ben-Gurion University of the Negev, Israel, has found.

In his latest research, Mordechai Guri, who has a long history of exposing the security shortcomings of air-gapped systems, shows that memory buses on most computers emit signals that can be picked up by WiFi-capable devices. This can enable attackers to steal information from air-gapped systems without requiring special hardware or network connectivity.

Codenamed ‘Air-Fi’ and published on the arXiv preprint server, the research has been in the works for a year, Guri told The Daily Swig.

Infecting air-gapped computers

Air-gapping is a security measure employed to ensure that a secure computer network is physically isolated from unsecured networks, such as the public internet or insecure local area network (LAN).

One of the key challenges of attacking air-gapped systems is the initial compromise: that is, infecting the network’s computers with malware. While difficult, this is not impossible and has happened on numerous occasions through supply-chain attacks, compromising third-party software, and malicious or unsuspecting insiders.

In the case of the Air-Fi attack, the requirements are minimal.