SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables

  title={SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables},
  author={Mordechai Guri},
  journal={2022 19th Annual International Conference on Privacy, Security \& Trust (PST)},
  • Mordechai Guri
  • Published 15 July 2022
  • Computer Science
  • 2022 19th Annual International Conference on Privacy, Security & Trust (PST)
This paper introduces a new type of attack on isolated, air-gapped workstations. Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6 GHz frequency band. The Serial ATA (SATA) is a bus interface widely used in modern computers and connects the host bus to mass storage devices such as hard disk drives, optical drives, and solid-state drives. The prevalence of the SATA interface makes this… 



GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies

GSMem, a malware that can exfiltrate data through an air-gap over cellular frequencies, is presented and its efficacy and feasibility are demonstrated, achieving an effective transmission distance of 1 - 5.5 meters with a standard mobile phone.

USBee: Air-gap covert-channel via electromagnetic emission from USB

It is demonstrated how a software can intentionally generate controlled electromagnetic emissions from the data bus of a USB connector, and it is shown that the emitted RF signals can be controlled and modulated with arbitrary binary data.

BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations

This paper demonstrates BitWhisper, a method of bridging the air-gap between adjacent compromised computers by using their heat emissions and built-in thermal sensors to create a covert communication channel, which supports bidirectional communication and requires no additional dedicated peripheral hardware.

AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies

AirHopper is presented, a bifurcated malware that bridges the air-gap between an isolated network and nearby infected mobile phones using FM signals and it is demonstrated how textual and binary data can be exfiltrated from physically isolated computer to mobile phones at a distance of 1-7 meters.

Exfiltrating data from air-gapped computers via ViBrAtIoNs

BitJabber: The World’s Fastest Electromagnetic Covert Channel

A new physical covert channel named BitJabber is introduced that is extremely fast and strong enough to even penetrate concrete walls and can enable data exfiltration from an air-gapped computer enclosed in a room with thick concrete walls up to 15 cm.

CTRL-ALT-LED: Leaking Data from Air-Gapped Computers Via Keyboard LEDs

This paper extensively explore the exfiltration malware of an advanced persistent threat (APT) using the keyboard LEDs to encode information and exfiltrate data from airgapped computers optically in the context of a modern cyber-attack with current hardware and optical equipment.

Air-Gap Covert Channels

It is empirically demonstrated that using physically unmodified, commodity systems, covert-acoustic channels can be used to communicate at data rates of hundreds of bits per second, without being detected by humans in the environment, and data rates when nobody is around to hear the communication.

ODINI: Escaping Sensitive Data From Faraday-Caged, Air-Gapped Computers via Magnetic Fields

This paper shows how attackers can bypass Faraday cages and air-gaps in order to leak data from highly secure computers and introduces a malware codenamed ‘ODINI’ that can control the low frequency magnetic fields emitted from the infected computer by regulating the load of the CPU cores.