Air-Gapped Systems Can Be Hacked by Creating Wireless Signals with Ethernet Cable

Air-gapped systems can be hacked by using Ethernet cables to create wireless signals. According to Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center at the Ben Gurion University of the Negev in Israel, “It’s interesting that the wires that came to protect the air-gap become the vulnerability of the air gap in this attack.”

In other words, Ethernet cables acting as transmitting antennas can be used to steal highly sensitive data from air-gapped systems.

The technique, called the “LANtenna Attack,” enables malicious code on air-gapped computers to amass sensitive data and then encode it over radio waves emanating from Ethernet cables, just as if the cables were antennas. A nearby software-defined radio (SDR) receiver can intercept these signals wirelessly. The data is then decoded and sent to an attacker in an adjacent room.

The researchers describe the technique in a paper titled “LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables.” They note, “Notably, the malicious code can run in an ordinary user-mode process and successfully operate from within a virtual machine.”

Air-gapped networks are typically designed as a security measure to minimize the risk of information leaks and other cyber threats. An air gap ensures that one or more computers are physically isolated from other networks, i.e., the internet or a local area network. These networks are usually wired, as machines belonging to them have their wireless network interfaces permanently disabled or physically removed.

Dr. Guri has demonstrated other unconventional ways in which air-gapped systems can leak sensitive data. Earlier, in February 2020, he devised a method that employs small changes in LCD screen brightness. The changes remain hidden from the naked eye and covertly modulate binary information in Morse-code-like patterns.

Later, in May 2020, Dr. Guri showed how malware can exploit a computer’s power supply unit to play sound and use it as an out-of-band, secondary speaker to leak data, in an attack dubbed “POWER-SUPPLaY.”

The researchers said in the paper, “This paper shows that attackers can exploit the Ethernet cables to exfiltrate data from air-gapped networks. Malware installed in a secured workstation, laptop, or embedded device can invoke various network activities that generate electromagnetic emissions from Ethernet cables.”

Dr. Guri added, “Dedicated and expensive antennas yield better distance and could reach tens of meters with some cables.”
