Hacking

LANtenna attack allows exfiltrating data from Air-Gapped systems via Ethernet cables

Boffins devised a new technique, dubbed LANtenna, to exfiltrate data from systems in air-gapped networks using Ethernet cables as a “transmitting antenna.”

Security researchers from the Cyber Security Research Center in the Ben Gurion University of the Negev (Israel) devised a new data exfiltration mechanism, dubbed LANtenna Attack, that leverages Ethernet cables as a “transmitting antenna” to steal sensitive data from air-gapped systems.

The research group lead by Dr. Mordechai Guri explained that data siphoned from air-gapped systems are encoded over radio waves emanating from Ethernet cables. Then data can be intercepted by a nearby software-defined radio (SDR) receiver wirelessly, decoded, and sent to an attacker who is in an adjacent room.

“LANTENNA – a new type of electromagnetic attack allowing adversaries to leak sensitive data from isolated, air-gapped networks. Malicious code in airgapped computers gathers sensitive data and then encodes it over radio waves emanating from the Ethernet cables, using them as antennas. A nearby receiving device can intercept the signals wirelessly, decode the data, and send it to the attacker.” reads the paper published by the researchers. “Notably, the malicious code can run in an ordinary user-mode process and successfully operate from within a virtual machine.”

The experts explained that often air-gapped networks are wired with Ethernet cables since wireless connections are strictly prohibited to avoid data leaks.

The researchers used malware to exfiltrate collected data, modulating it, and transmitting wirelessly via the radio waves emanating from the Ethernet cables.

The electromagnetic emissions are generated by the Ethernet cable in the frequency bands of 125 MHz that can be intercepted by a nearby radio receiver.

In a test conducted by the researchers, data exfiltrated from an air-gapped computer was transmitted through the Ethernet cable and was received at a distance of 200 cm apart.

In a read attack scenario, threat actors have to physically compromise the air.gapped system, for example by leveraging a malicious insider or tricking personnel with access to the system into connecting an infected USB drive.

The researchers proposed several defensive measures that can be adopted against the LANTENNA attack such as:

  • implementing zone separation banning radio receiver from the area of air-gapped networks;
  • monitoring the network interface card link activity at the user and kernel levels. Any change of the link state
    should trigger an alert;
  • using RF monitoring hardware equipment to identify anomalies in the LANETNNA frequency bands;
  • blocking the covert channel by jamming the LANTENNA frequency bands;
  • Cable Shielding;

“This paper shows that attackers can exploit the Ethernet cables to exfiltrate data from air-gapped networks,” the researchers concluded. “Malware installed in a secured workstation, laptop, or embedded device can invoke various network activities that generate electromagnetic emissions from Ethernet cables.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, LANtenna Attack)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Meta plans to train AI on EU user data from May 27 without consent

Meta plans to train AI on EU user data from May 27 without consent; privacy…

3 hours ago

AI in the Cloud: The Rising Tide of Security and Privacy Risks

Over half of firms adopted AI in 2024, but cloud tools like Azure OpenAI raise…

5 hours ago

Google fixed a Chrome vulnerability that could lead to full account takeover

Google released emergency security updates to fix a Chrome vulnerability that could lead to full…

5 hours ago

Nova Scotia Power discloses data breach after March security incident

Nova Scotia Power confirmed a data breach involving the theft of sensitive customer data after…

16 hours ago

Coinbase disclosed a data breach after an extortion attempt

Coinbase confirmed rogue contractors stole customer data and demanded a $20M ransom in a breach…

19 hours ago

U.S. CISA adds a Fortinet flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Fortinet vulnerability to its Known Exploited Vulnerabilities…

1 day ago