430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

LANtenna attack allows exfiltrating data from Air-Gapped systems via Ethernet cables

Boffins devised a new technique, dubbed LANtenna, to exfiltrate data from systems in air-gapped networks using Ethernet cables as a “transmitting antenna.” Security researchers from the Cyber Security Research Center in the Ben Gurion University of the Negev (Israel) devised a new data exfiltration mechanism, dubbed LANtenna Attack, that leverages Ethernet cables as a “transmitting […]

LANTENNA

Boffins devised a new technique, dubbed LANtenna, to exfiltrate data from systems in air-gapped networks using Ethernet cables as a “transmitting antenna.”

Security researchers from the Cyber Security Research Center in the Ben Gurion University of the Negev (Israel) devised a new data exfiltration mechanism, dubbed LANtenna Attack, that leverages Ethernet cables as a “transmitting antenna” to steal sensitive data from air-gapped systems.

The research group lead by Dr. Mordechai Guri explained that data siphoned from air-gapped systems are encoded over radio waves emanating from Ethernet cables. Then data can be intercepted by a nearby software-defined radio (SDR) receiver wirelessly, decoded, and sent to an attacker who is in an adjacent room.

“LANTENNA – a new type of electromagnetic attack allowing adversaries to leak sensitive data from isolated, air-gapped networks. Malicious code in airgapped computers gathers sensitive data and then encodes it over radio waves emanating from the Ethernet cables, using them as antennas. A nearby receiving device can intercept the signals wirelessly, decode the data, and send it to the attacker.” reads the paper published by the researchers. “Notably, the malicious code can run in an ordinary user-mode process and successfully operate from within a virtual machine.”

LANTENNA

The experts explained that often air-gapped networks are wired with Ethernet cables since wireless connections are strictly prohibited to avoid data leaks.

The researchers used malware to exfiltrate collected data, modulating it, and transmitting wirelessly via the radio waves emanating from the Ethernet cables.

The electromagnetic emissions are generated by the Ethernet cable in the frequency bands of 125 MHz that can be intercepted by a nearby radio receiver.

In a test conducted by the researchers, data exfiltrated from an air-gapped computer was transmitted through the Ethernet cable and was received at a distance of 200 cm apart.

In a read attack scenario, threat actors have to physically compromise the air.gapped system, for example by leveraging a malicious insider or tricking personnel with access to the system into connecting an infected USB drive.

The researchers proposed several defensive measures that can be adopted against the LANTENNA attack such as:

  • implementing zone separation banning radio receiver from the area of air-gapped networks;
  • monitoring the network interface card link activity at the user and kernel levels. Any change of the link state
    should trigger an alert;
  • using RF monitoring hardware equipment to identify anomalies in the LANETNNA frequency bands;
  • blocking the covert channel by jamming the LANTENNA frequency bands;
  • Cable Shielding;

“This paper shows that attackers can exploit the Ethernet cables to exfiltrate data from air-gapped networks,” the researchers concluded. “Malware installed in a secured workstation, laptop, or embedded device can invoke various network activities that generate electromagnetic emissions from Ethernet cables.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, LANtenna Attack)

[adrotate banner=”5″]

[adrotate banner=”13″]