SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables

Title: SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Guri, Mordechai
Conference Name: 2022 19th Annual International Conference on Privacy, Security & Trust (PST)
Keywords: Air gaps, air-gap, composability, Computers, covert channels, electromagnetic, exfiltration, Human Behavior, leakage, Metrics, Network, pubcrawl, radio transmitters, resilience, Resiliency, SATA, Virtual machining, Wireless communication, Wireless sensor networks, Workstations
Abstract: This paper introduces a new type of attack on isolated, air-gapped workstations. Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6 GHz frequency band. The Serial ATA (SATA) is a bus interface widely used in modern computers and connects the host bus to mass storage devices such as hard disk drives, optical drives, and solid-state drives. The prevalence of the SATA interface makes this attack highly available to attackers in a wide range of computer systems and IT environments. We discuss related work on this topic and provide technical background. We show the design of the transmitter and receiver and present the implementation of these components. We also demonstrate the attack on different computers and provide the evaluation. The results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver. Furthermore, we show that the attack can operate from user mode, is effective even from inside a Virtual Machine (VM), and can successfully work with other running workloads in the background. Finally, we discuss defense and mitigation techniques for this new air-gap attack.
DOI: 10.1109/PST55820.2022.9851978
Citation Key: guri_satan_2022