WilliamRJK said:Does not work on laptops (no SATA cables)ĭoes not work on systems with a caddy to a cableless backplane (Mac Pro 1,1-5,1 for example).
Building the receiver is surprisingly simple, but developing the requisite software and encoding techniques would require a high level of sophistication, meaning that these types of attacks are most likely relegated to nation-states engaging in espionage, meaning the average user has nothing to worry about. But then again, perhaps the complexity of the attack itself is the best protection for us normal folks.
The most direct method of protection would be to add extra electromagnetic shielding either on the SATA cable or to the PC's case. These tend to be low-yield methods of detection, though, because the transmissions and drive activity are easy to disguise.
Naturally, spooks can also use monitoring hardware of their own to detect if any nefarious transmissions are underway, or install software on secured machines that monitors abnormal file usage, like odd read and write activity to temporary files. The paper suggests that the first line of defense is to implement policies that prevent the initial penetration, along with other tactics, like forbidding radio receivers in the secured facility. There are several ways to mitigate these types of attacks, but they aren't foolproof. The philosophy behind this type of attack isn't new - researchers have previously demonstrated manipulating the clock rates of an AMD Radeon graphics card to create a radio transmitter that generated a signal that an attacker could receive through a wall 50 feet away - but the hacks are becoming increasingly sophisticated as researchers find new interfaces to exploit. The receiving device, in this case, a laptop, uses a Software Defined Radio (SDR) receiver to receive the signal. In this case, the receiver has to be within 1m of the transmitter due to increased bit error rates associated with longer distances. The attacker can then receive the signal from a nearby device, but the reach is limited.
Still, intense drive activity can muddy the transmissions, so it's best to pause or stop the transmission when heavy background activities occur. The researchers also noted that background operations that incur other traffic to the storage device are generally fine. While either read or write operations can effectively create the correct signals, the researcher notes that read operations typically don't require higher permissions at the system level and generate stronger signals (up to 3 dB) than write operations. Then it conducts certain types of file system access, like reads and writes, in a controlled manner to generate a signal on the cable. Once installed, the malicious software first encodes the data to be stolen. Otherwise, the attacker would need physical access to install the attack payload.
Naturally, the attacker would first have to install malicious software onto the targeted machine, but as we've seen with Stuxnet and other attacks, USB devices with malicious code can spread malware inside protected systems. Likewise, attackers can employ other mechanisms to steal important data, like files and images. This attack can be used in concert with keyloggers to steal passwords or other sensitive data. In this case, the researcher used the SATA cable as a wireless antenna that operated on the 6 GHz frequency band, thus transmitting a short message to the nearby laptop. Researcher Mordechai Guri at the University of the Negev, Israel, has accomplished the feat by converting a standard SATA cable into a radio transmitter, but without actually making any physical modifications to the hardware.Īs with all computer interfaces, the SATA bus generates electromagnetic interference during normal operation, and if used correctly, that interference can be manipulated and then used to transmit data. As such, it requires ultra-sophisticated techniques to steal data from them.
These systems are entirely isolated from any connection to the outside world, like a network or the internet, and also don't have any hardware that can communicate wirelessly, like wireless Bluetooth or Wi-Fi hardware. Some of the most sensitive data on the planet is stored in air-gapped systems. The ubiquitous SATA connection is used in billions of devices worldwide to connect hard drives and SSDs inside a PC, making it the perfect target for hackers looking for a sophisticated attack with a wide footprint. The software-based technique can work from user space or through a virtual machine (VM), and you can see a short demo in the embedded video below. Researchers today revealed a new 'SATAn' attack that can turn a SATA cable into a radio transmitter, thus allowing a hacker to exfiltrate data from a system that isn't connected to a network and transmit it to a receiver 1m away - all without physically modifying the SATA cable or hardware. (Image credit: Ben-Gurion University of the Negev, Israel)