Experts have learned how to steal data from isolated systems using Ethernet cables as a transmitting antenna.
A group of specialists from the David Ben-Gurion University (Israel), led by Professor Mordechai Guri, has developed a new mechanism for extracting data from physically isolated systems using Ethernet cables as a "transmitting antenna".
A new technique called LANtenna allows malicious code on a computer disconnected from the Internet to collect sensitive data and then transmit it using radio waves generated by Ethernet cables. The radio signals are transmitted to a nearby receiver (software defined radio system), then decoded and sent to an attacker in the next room.
It is noteworthy that malicious code can be run in a normal process in user mode and controlled from a virtual machine.
LANtenna allows malware on a physically isolated system to cause an Ethernet cable to generate electromagnetic radiation in the 125 MHz frequency range, which is received by a nearby radio receiver. With the help of LANtenna, the researchers were able to transmit data over a distance of 200 m.
As with other attacks of this kind, in LANtenna, you first need to infect the attacked network with malware along one of the known vectors, ranging from attacks on the supply chain and infected USB sticks to social engineering techniques, theft of credentials and bribery of employees.
To protect against such attacks, experts recommend that organizations prohibit the use of radios on or near physically isolated networks. It is also recommended to monitor the activity of the link layer of the network card for any covert channel, jam signals and use metal shields to protect the electromagnetic field from extraneous influences.
A group of specialists from the David Ben-Gurion University (Israel), led by Professor Mordechai Guri, has developed a new mechanism for extracting data from physically isolated systems using Ethernet cables as a "transmitting antenna".
A new technique called LANtenna allows malicious code on a computer disconnected from the Internet to collect sensitive data and then transmit it using radio waves generated by Ethernet cables. The radio signals are transmitted to a nearby receiver (software defined radio system), then decoded and sent to an attacker in the next room.
It is noteworthy that malicious code can be run in a normal process in user mode and controlled from a virtual machine.
LANtenna allows malware on a physically isolated system to cause an Ethernet cable to generate electromagnetic radiation in the 125 MHz frequency range, which is received by a nearby radio receiver. With the help of LANtenna, the researchers were able to transmit data over a distance of 200 m.
As with other attacks of this kind, in LANtenna, you first need to infect the attacked network with malware along one of the known vectors, ranging from attacks on the supply chain and infected USB sticks to social engineering techniques, theft of credentials and bribery of employees.
To protect against such attacks, experts recommend that organizations prohibit the use of radios on or near physically isolated networks. It is also recommended to monitor the activity of the link layer of the network card for any covert channel, jam signals and use metal shields to protect the electromagnetic field from extraneous influences.
