LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables Emission

@article{Guri2021LANTENNAED,
  title={LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables Emission},
  author={Mordechai Guri},
  journal={2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC)},
  year={2021},
  pages={745-754}
}
  • Mordechai Guri
  • Published 1 July 2021
  • Computer Science
  • 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC)
In this paper we present LANTENNA - a new type of electromagnetic attack allowing adversaries to leak sensitive data from isolated, air-gapped networks. Malicious code in air-gapped computers gathers sensitive data and then encodes it over radio waves emanated from Ethernet cables. A nearby receiving device can intercept the signals wirelessly, decode the data and send it to the attacker. We discuss the exfiltration techniques, examine the covert channel characteristics, and provide…

USBCulprit: USB-borne Air-Gap Malware

  • Mordechai Guri
  • Computer Science
  • European Interdisciplinary Cybersecurity Conference
  • 2021
This analysis tested and reverse-engineered a sample of USBCulprit, investigated its internal design, modules, and techniques, and reviewed its data collection and air-gap exfiltration mechanisms.

References

SHOWING 1-10 OF 50 REFERENCES

xLED: Covert Data Exfiltration from Air-Gapped Networks via Switch and Router LEDs

It is shown how attackers can covertly leak sensitive data from air-gapped networks via the row of status LEDs on networking equipment such as LAN switches and routers through different modulation and encoding schemas, along with a transmission protocol.

AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies

AirHopper is presented, a bifurcated malware that bridges the air-gap between an isolated network and nearby infected mobile phones using FM signals, and it is demonstrated how textual and binary data can be exfiltrated from physically isolated computers to mobile phones at a distance of 1-7 meters.

PowerHammer: Exfiltrating Data From Air-Gapped Computers Through Power Lines

An implementation, evaluation, and analysis of PowerHammer - an attack that uses power lines to exfiltrate data from air-gapped computers that fully conforms to civilian and military conductive emission standards is provided.

Bridging the Air Gap between Isolated Networks and Mobile Phones in a Practical Cyber-Attack

This article presents “AirHopper,” a bifurcated malware that bridges the air gap between an isolated network and nearby infected mobile phones using FM signals, and demonstrates how valuable data can be exfiltrated from physically isolated computers to mobile phones at a distance of 1--7 meters, with an effective bandwidth of 13--60 bytes per second.

USBee: Air-gap covert-channel via electromagnetic emission from USB

It is demonstrated how software can intentionally generate controlled electromagnetic emissions from the data bus of a USB connector, and it is shown that the emitted RF signals can be controlled and modulated with arbitrary binary data.

BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations

This paper demonstrates BitWhisper, a method of bridging the air-gap between adjacent compromised computers by using their heat emissions and built-in thermal sensors to create a covert communication channel, which supports bidirectional communication and requires no additional dedicated peripheral hardware.

Air-Gap Covert Channels

It is empirically demonstrated that, using physically unmodified commodity systems, covert acoustic channels can be used to communicate at data rates of hundreds of bits per second without being detected by humans in the environment, and at higher data rates when nobody is around to hear the communication.

CTRL-ALT-LED: Leaking Data from Air-Gapped Computers Via Keyboard LEDs

This paper extensively explores the exfiltration malware of an advanced persistent threat (APT) that uses the keyboard LEDs to encode information and exfiltrate data from air-gapped computers optically, in the context of a modern cyber-attack with current hardware and optical equipment.

ODINI: Escaping Sensitive Data From Faraday-Caged, Air-Gapped Computers via Magnetic Fields

This paper shows how attackers can bypass Faraday cages and air-gaps in order to leak data from highly secure computers and introduces a malware codenamed ‘ODINI’ that can control the low frequency magnetic fields emitted from the infected computer by regulating the load of the CPU cores.