Security researchers have found another strategy to steal data from air-gapped systems, this time exploiting SATA cables. Dubbed the SATAn attack, it allows an adversary to steal sensitive data, though with a bit of effort.
Stealing Data From Air-Gapped Systems Via SATA Cables
A team of academic researchers from Ben-Gurion University in Israel has proposed the SATAn attack to steal data from air-gapped systems.
Air-gapped systems are isolated systems kept segregated so that sensitive information stays offline. While these systems are considered safe because they have no connection to the internet, researchers often study them to find out how an adversary could still exploit them. To that end, researchers have proposed various attacks on air-gapped systems, the latest of which is the SATAn attack.
Briefly, this attack includes the use of Serial ATA (SATA) cables that the systems may use to connect to storage drives and other components. It involves capturing and processing the radio frequency signals generated from these cables to extract the data in transit. All it takes for the adversary is to infect the target air-gapped systems with malware that can capture the specific read/write instructions to reflect the stolen information.
The researchers have shared the details of their study in a research paper. They have also demonstrated the SATAn attack in a video.
Attack Limitations And Recommended Countermeasures
The researchers demonstrated how the SATAn attack might assist an adversary in stealing data from air-gapped systems. In a real-world exploit scenario, an attacker may implement the receiver in any device near the target system to capture the data.
Nonetheless, as always, this attack has some limitations. First, the attacker’s receiver should not be more than 120 cm away from the target system. Second, the greater the distance between the two, the more time it will take for the data to transmit to the receiver. Moreover, the researchers also demonstrated that using VMs in this attack significantly reduces the signal quality on SATA cables.
As for countering this attack, the researchers advise using SATA jammers, which may add noise to the signals. Nonetheless, this might negatively affect the disk usage, ultimately affecting the hardware.