- A security researcher has demonstrated a technique for using SATA cables as wireless antennas.
- It can instantly transmit sensitive data from almost any computer, even one without wireless data transmission hardware.
- Some security experts, however, suggest that some data theft attacks are easier to execute and more difficult to prevent.
Transferring data wirelessly from a computer without a wireless card sounds like a miracle but also presents a unique security challenge.
A security researcher has demonstrated a mechanism for attackers to steal data from an air-gapped computer, which is a computer that is completely disconnected from a network and has no wireless or wired internet connection. Called SATAn, the attack involves repurposing the serial ATA (SATA) cables inside most computers as wireless antennas.
“This is a great example of why defense in depth is necessary,” Josh Lospinoso, CEO and co-founder of Shift5, told Lifewire in an email. “Simply air gapping computers is not enough because smart attackers have new ways to defeat static defensive methods once they have the time and resources to do so.”
Someone Has Done That
For a SATAn attack to be successful, the attacker must first infect the target air-gapped system with malware that converts sensitive data inside the computer into a broadcastable signal.
SATAn was discovered by Mordechai Guri, the Head of R&D at The Cyber Security Research Labs at Ben-Gurion University in Israel. In a demonstration, Guri was able to generate electromagnetic signals to transmit data from inside an air-gapped system to a nearby computer.
Ray Canzanese, Threat Research Director at Netskope, stated that the SATAn attack helps highlight the fact that there is no such thing as absolute security.
“Disconnecting a computer from the internet only mitigates the risk of that computer being attacked on the internet,” Canzanese told Lifewire via email. “The computer is still vulnerable to many other attack methods.”
He said that the SATAn attack helps demonstrate one such approach, which takes advantage of the fact that various components inside the computer emit electromagnetic radiation that can leak sensitive information.
Dr. Johannes Ullrich, Dean of Research, SANS Technology Institute, however, points out that attacks like SATAn are known and go back to the days before the network.
“They used to be known as TEMPEST and have been recognized as a threat since at least 1981 when NATO created a certification to protect against them,” Ullrich told Lifewire via email.
Speaking about the TEMPEST standards, Canzanese said that they prescribe how an environment should be configured to prevent the leakage of sensitive information through electromagnetic emissions.
David Rickard, CTO North America of Cipher, the cybersecurity division of Prosegur, agreed that while SATAn presents a frightening prospect, there are practical limitations to this attack strategy that make it easy to overcome.
For starters, he points to the range of SATA cables used as an antenna, saying that research shows that even at four feet, the error rates of wireless transfer are very significant, with doors and walls further degrading the transmission quality.
“If you put sensitive information on your own premises, hide it so that no other computer using wireless connections comes within 10 feet of the computer that put the data,” explains Rickard.
All our experts also pointed out the fact that TEMPEST specifications require the use of shielded cables and cases, among other considerations, to ensure that computers with sensitive data do not release data through such ingenious mechanisms.
“TEMPEST-compliant hardware is available to the public through a variety of manufacturers and vendors,” Rickard shared. “If [you use] cloud-based resources, ask your provider about their TEMPEST compliance.”
Canzanese stated that the SATAn attack highlights the importance of preventing physical access to computers that contain sensitive data.
“If they are able to connect to arbitrary storage devices, such as a USB thumb drive, that computer can be infected with malware,” Canzanese said. “Those same devices, if they can be written on, can also be used for data exfiltration.”
Rickard agrees, saying that removable USB drives (and phishing) are much bigger data exfiltration threats and are much more complicated and expensive to solve.
“These days, these attacks are mostly theoretical, and defenders should not waste time and money on these attacks,” Ullrich said. “Researchers continue to rediscover these attacks, but they do not play a measurable role in existing breaches, and effort is better spent protecting against attacks that matter.”