This devious attack turns a SATA cable into a data-stealing antenna

Data Breach
(Image credit: Shutterstock)

A newly discovered method of stealing files may have put every Mission: Impossible movie to shame.

Cybersecurity researcher Mordechai Guri, from the University of the Negev, Israel, has demonstrated how to steal sensitive files from a completely airgapped system (disconnected from all networks and devoid of all communications protocols such as Bluetooth) by turning the SATA cable into an antenna. 

Obviously, the method was dubbed SATAn, with Guri finding the SATA bus, when operational, generates electromagnetic interference which could be manipulated. In his experiments, he used the 6GHz frequency band and successfully transmitted sensitive data to a nearby laptop.

Not as easy as it sounds

There are two major caveats to this method. The first one is that in order to make the attack successful, the endpoint under attack needs to be compromised with malware, as a piece of code is necessary to actually turn the SATA cable into an antenna. 

The second is that the antenna is only capable of transferring data correctly at a distance of about one meter, meaning the victim needs to be super close to the attacker in order for the heist to work.

Still, we’ve seen airgapped systems infected with malware before (remember Stuxnet?), and knowing that these kinds of devices usually hold highly classified, super sensitive information, it wouldn’t be too crazy to see a state-sponsored actor try and use this method somewhere.

The SATA cable is used in pretty much every computer out there, as it’s the industry standard for connecting hard drives and SSDs with the motherboard. 

The best way to protect against these attacks is to prevent anyone from bringing any radio receivers into the facility. Still, this is crime we’re talking about, and if someone’s about to steal data, they’re bound to try and smuggle such devices into the premises. In that case, extra electromagnetic shielding on the SATA cable or to the PC's case, should be added.

Via: Tom's Hardware

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.