With a proof of concept, a cybersecurity researcher from Ben-Gurion University in the Negev (Israel) demonstrates a technique for exfiltrating data from isolated local networks (air-gapped; with connections wireless prohibited) via Ethernet cables that connect workstations to each other.
The electromagnetic-type attack has been dubbed LANtenna (PDF). It relies on malicious code in computers – an infection still needed – that collects sensitive data, then encodes it over radio waves emanating from Ethernet cables, using it as antennas. Their shielding is not completely waterproof.
A wireless receiving device located nearby and playing the role of software radio is able to intercept signals, decode data and send them to an attacker.
At The Register, researcher Mordechai Guri describes a simple technique that involves “ place an ordinary radio antenna 4 meters from a Category 6a Ethernet cable and use a commercially available software radio to listen around 250 MHz. “
For the regulation of the electromagnetic signals of the Ethernet cables targeted, two experimental techniques involve acting on the Ethernet speed and transmitting raw UDP packets.
“ The transmission of UDP packets does not require higher privileges or interference with the routing table of the operating system. In addition, it is possible to evade detection at the network level by sending raw UDP traffic within other legitimate UDP traffic “, writes Mordechai Guri.