
Devilish SATAn Hack Turns Drive Cable Into Radio Transmitter to Steal Data


Researchers today unveiled a new "SATAn" attack that can turn a SATA cable into a wireless transmitter. This allows hackers to steal data from systems that are not connected to a network and send it to a receiver 1 m away. The attack requires no changes to the SATA cable or hardware. The software-based technique works from user space or through a virtual machine (VM).

The ubiquitous SATA interface is used by billions of devices around the world to connect hard drives and SSDs in PCs, making it a perfect target for hackers looking for an advanced attack with a wide footprint.

Some of the most sensitive data on the planet is stored on air-gapped systems. These systems are completely isolated from external connections such as networks and the Internet, and they contain no hardware capable of wireless communication, such as Bluetooth or Wi-Fi hardware. Stealing data from them therefore requires a very high level of skill. Mordechai Guri, a researcher at the University of Negev, Israel, accomplished the feat by converting a standard SATA cable into a wireless transmitter without making any physical hardware changes.

Like all computer interfaces, the SATA bus produces electromagnetic interference during normal operation. With the right technique, that interference can be manipulated to transmit data. In this case, the researchers used the SATA cable as a wireless antenna operating in the 6 GHz frequency band and sent a short message to a nearby laptop. This attack could be used in conjunction with keyloggers to steal passwords and other sensitive data. Similarly, an attacker can use other mechanisms to steal sensitive data such as files and images.

Of course, the attacker must first install the malicious software on the targeted machine, but as seen with Stuxnet and other attacks, USB devices containing malicious code can spread malware inside protected systems. Otherwise, the attacker would need physical access to install the attack payload.

Once installed, the malicious software first encodes the stolen data. It then performs certain types of file system access, such as reads and writes, in a controlled manner to generate a signal on the cable. Although either read or write operations can effectively produce the correct signal, the researchers found that read operations usually do not require higher system-level privileges and generate stronger signals than write operations (by up to 3 dB). The researchers also pointed out that background operations that generate other traffic to storage devices are generally fine. Still, intense drive activity can muddy the transmission, so it is best to pause or stop the transmission when there is a lot of background activity.

The attacker can then receive the signal on a nearby device, but the range is limited. In this case, the receiver must be within 1 m of the transmitter, because the bit error rate increases with distance. The receiving device (in this case a laptop) uses a software-defined radio (SDR) receiver to pick up the signal.

These types of attacks aren't new: researchers have previously demonstrated manipulating the clock rate of AMD Radeon graphics cards to create radio transmitters that attackers can receive through a wall 50 feet away. But attacks are becoming more and more sophisticated as researchers find new interfaces to exploit.

There are several ways to mitigate these types of attacks, but none of them is foolproof. The paper suggests that the first line of defense is to implement policies that prevent the initial intrusion, along with other tactics such as banning radio receivers in secure facilities. Not surprisingly, spies can also use their own monitoring hardware to detect whether malicious transmissions are in progress, and can install software on secure machines that monitors for unusual file usage, such as strange read and write activity to temporary files. However, because the transmissions and drive activity can be easily disguised, these tend to be low-yield detection methods.
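The file-activity monitoring described above can be sketched as a heuristic over per-process read counters; this is an added example, not code from the paper or the article. It assumes, for illustration only, that bits are signalled as fixed-length slots of heavy reads or silence, and all names, thresholds and sample values are constructed.

```python
from itertools import groupby

# Assumption for this example: the implant signals each bit as a fixed-length
# slot of heavy reads (1) or silence (0), so busy/idle runs land on a slot grid.

def run_lengths(samples, busy_threshold):
    """Collapse per-interval read byte counts into lengths of busy/idle runs."""
    states = [s >= busy_threshold for s in samples]
    return [len(list(group)) for _, group in groupby(states)]

def looks_keyed(samples, busy_threshold=1_000_000, min_runs=8, max_off_grid=0.1):
    """Flag read activity whose busy/idle runs are all multiples of one slot."""
    runs = run_lengths(samples, busy_threshold)[1:-1]  # edge runs may be cut off
    if len(runs) < min_runs:
        return False  # steady copy or idle disk: too few transitions to judge
    slot = min(runs)
    if slot < 2:
        return False  # slot not resolved by the sampling rate; every run fits
    off_grid = sum(1 for r in runs if r % slot)
    return off_grid / len(runs) <= max_off_grid

def from_runs(lengths, busy_bytes=5_000_000):
    """Build constructed samples: alternating busy/idle runs, busy first."""
    out = []
    for i, n in enumerate(lengths):
        out += [busy_bytes if i % 2 == 0 else 0] * n
    return out

# Constructed samples: bytes read by one process per 100 ms interval.
KEYED = [5_000_000 if b == "1" else 4_096
         for b in "10110010101101001101" for _ in range(3)]
BULK_COPY = [5_000_000] * 60
BURSTY_APP = from_runs([2, 5, 3, 7, 2, 9, 4, 3, 5, 2, 7, 3, 6])

if __name__ == "__main__":
    for name, s in [("keyed", KEYED), ("bulk copy", BULK_COPY), ("bursty app", BURSTY_APP)]:
        print(f"{name:10s} suspicious={looks_keyed(s)}")
```

A sender that jitters its slot length or hides its reads among other traffic drops below this grid test, which is the disguise problem that makes such monitoring low yield.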

Of course, the most direct protection is to add extra electromagnetic shielding to either the SATA cable or the PC case. But then again, perhaps the complexity of the attack itself is the best protection for us ordinary people. Building a receiver is surprisingly easy, but developing the required software and encoding techniques requires a high degree of skill. This means that these types of attacks are likely to be relegated to nations engaged in espionage. So the average user doesn't have to worry unless the system has nuclear launch codes stored on it.
