LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables Emission
@article{Guri2021LANTENNAED,
  title={LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables Emission},
  author={Mordechai Guri},
  journal={2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC)},
  year={2021},
  pages={745-754}
}
In this paper we present LANTENNA - a new type of electromagnetic attack allowing adversaries to leak sensitive data from isolated, air-gapped networks. Malicious code in air-gapped computers gathers sensitive data and then encodes it over radio waves emanated from Ethernet cables. A nearby receiving device can intercept the signals wirelessly, decode the data and send it to the attacker. We discuss the exfiltration techniques, examine the covert channel characteristics, and provide…
One Citation
USBCulprit: USB-borne Air-Gap Malware
- Computer Science, European Interdisciplinary Cybersecurity Conference
- 2021
This analysis tested and reverse-engineered the sample of USBCulprit, and investigated its internal design, modules, and techniques, and revised the data collection and air-gap exfiltration mechanisms.
References
SHOWING 1-10 OF 50 REFERENCES
xLED: Covert Data Exfiltration from Air-Gapped Networks via Switch and Router LEDs
- Computer Science, 2018 16th Annual Conference on Privacy, Security and Trust (PST)
- 2018
It is shown how attackers can covertly leak sensitive data from air-gapped networks via the row of status LEDs on networking equipment such as LAN switches and routers through different modulation and encoding schemas, along with a transmission protocol.
AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies
- Computer Science, 2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE)
- 2014
AirHopper is presented, a bifurcated malware that bridges the air-gap between an isolated network and nearby infected mobile phones using FM signals, and it is demonstrated how textual and binary data can be exfiltrated from a physically isolated computer to mobile phones at a distance of 1-7 meters.
PowerHammer: Exfiltrating Data From Air-Gapped Computers Through Power Lines
- Computer Science, IEEE Transactions on Information Forensics and Security
- 2020
An implementation, evaluation, and analysis of PowerHammer - an attack that uses power lines to exfiltrate data from air-gapped computers that fully conforms to civilian and military conductive emission standards is provided.
Bridging the Air Gap between Isolated Networks and Mobile Phones in a Practical Cyber-Attack
- Computer Science, ACM Trans. Intell. Syst. Technol.
- 2017
This article presents “AirHopper,” a bifurcated malware that bridges the air gap between an isolated network and nearby infected mobile phones using FM signals, and demonstrates how valuable data can be exfiltrated from physically isolated computers to mobile phones at a distance of 1-7 meters, with an effective bandwidth of 13-60 bytes per second.
MAGNETO: Covert Channel between Air-Gapped Systems and Nearby Smartphones via CPU-Generated Magnetic Fields
- Computer Science, Future Gener. Comput. Syst.
- 2021
USBee: Air-gap covert-channel via electromagnetic emission from USB
- Computer Science, 2016 14th Annual Conference on Privacy, Security and Trust (PST)
- 2016
It is demonstrated how software can intentionally generate controlled electromagnetic emissions from the data bus of a USB connector, and it is shown that the emitted RF signals can be controlled and modulated with arbitrary binary data.
BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations
- Computer Science, 2015 IEEE 28th Computer Security Foundations Symposium
- 2015
This paper demonstrates BitWhisper, a method of bridging the air-gap between adjacent compromised computers by using their heat emissions and built-in thermal sensors to create a covert communication channel, which supports bidirectional communication and requires no additional dedicated peripheral hardware.
Air-Gap Covert Channels
- Computer Science
- 2016
It is empirically demonstrated that using physically unmodified, commodity systems, covert-acoustic channels can be used to communicate at data rates of hundreds of bits per second, without being detected by humans in the environment, and data rates when nobody is around to hear the communication.
CTRL-ALT-LED: Leaking Data from Air-Gapped Computers Via Keyboard LEDs
- Computer Science, 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)
- 2019
This paper extensively explores the exfiltration malware of an advanced persistent threat (APT) using the keyboard LEDs to encode information and exfiltrate data from air-gapped computers optically in the context of a modern cyber-attack with current hardware and optical equipment.
ODINI: Escaping Sensitive Data From Faraday-Caged, Air-Gapped Computers via Magnetic Fields
- Computer Science, IEEE Transactions on Information Forensics and Security
- 2020
This paper shows how attackers can bypass Faraday cages and air-gaps in order to leak data from highly secure computers and introduces a malware codenamed ‘ODINI’ that can control the low frequency magnetic fields emitted from the infected computer by regulating the load of the CPU cores.