News Devilish SATAn Hack Turns Drive Cable Into Radio Transmitter to Steal Data

Toggle sidebar Toggle sidebar
  • Does not work on laptops (no SATA cables)
  • Does not work on systems with a caddy to a cableless backplane (Mac Pro 1,1-5,1 for example)
-. Does not work on SAS (twisted pair and 4 lanes per cable instead of 1, plus shielded, if that works i'm impressed af)
  • Does not work on PCIe SATA SSDs (these do not exist anymore, Samsung PM951 is good example, has SATA traces on PCB but just a few mm total)
  • Does not work on PCIe NVMe SSDs

SATA is being phased out at an ok pace and with the above i don't see much danger in this for ultra secure systems (= secured datacenter, not a CIA field office with a NUC...)

Very interesting concept though, i don't know why we Israelis always come up with such hacks, weird.
 
Pretty useless hack I have to say....

This is its biggest failure......

1. Hacker has to access the system physcially to install the software to get the hack to work....

This isn't the movies, if its that easy to gain access to such a system, people wouldnt even need to hack. Even insider jobs are very very difficult to perform to due to security. Its extremely hard to plug a USB drive into the machine to install the software.

This is 2nd failure....

allowing a hacker to exfiltrate data from a system that isn't connected to a network and transmit it to a receiver 1m away...

Again, not the movies. If the server/PC (whatever) its placed in a secure location, it won't be right against the wall for obvious reason. Computers are mostly placed in racks. You need to clearance around the racks in order to access it for maintenace and installation.
 
  • Like
Reactions: shady28
WilliamRJK said:
  • Does not work on laptops (no SATA cables)
  • Does not work on systems with a caddy to a cableless backplane (Mac Pro 1,1-5,1 for example)
-. Does not work on SAS (twisted pair and 4 lanes per cable instead of 1, plus shielded, if that works i'm impressed af)
  • Does not work on PCIe SATA SSDs (these do not exist anymore, Samsung PM951 is good example, has SATA traces on PCB but just a few mm total)
  • Does not work on PCIe NVMe SSDs
SATA is being phased out at an ok pace and with the above i don't see much danger in this for ultra secure systems (= secured datacenter, not a CIA field office with a NUC...)

Very interesting concept though, i don't know why we Israelis always come up with such hacks, weird.
Click to expand...
does not work on proper computer cases either; a proper computer case will act like a faraday cage. there is a reason they have the side of the computer case off in the demo, with the side on it wouldn't work either. Highly unlikely to work in a rack mount server either. those cases are literal faraday cages, and of course they're all SAS; typically cordless...

this also doesn't work with EM shielded SATA cables which they do make. This may work with tempered glass side panels, but no one has a boutique computer case they don't connect to the internet.

this is a parlor trick not data theft.
 
  • Like
Reactions: cyrusfox and shady28
Another example of how these security lab types are sitting around wasting time and money with far-fetched attacks, apparently to impress the less technically savvy types or get media attention.
 
Would have made more sense to hit the mouse or keyboard cable : fully exposed, longer, and generally crappier cable than SATA. And operate at a lower frequency than 6GHz for more range.
And as has been pointed out - if someone can get this spyware onto an air-gapped machine, then there are bigger problems to fix than shielding the SATA cables!
 
shady28 said:
Another example of how these security lab types are sitting around wasting time and money with far-fetched attacks, apparently to impress the less technically savvy types or get media attention.
Click to expand...

Education is free in Israel and such projects are sponsored by our agencies (mostly mossad). I dont see it as waste of money, more a waste of time at Technion that could be used for better things like Iron Beam.
 
  • Like
Reactions: Murissokah
It's an exploit targeted at air-gapped facilities, it doesn't target notebooks or current hardware. Think highly secure, air gapped facilities, like nuclear power plants. They run the same hardware for decades, so servers and desktops running SATA hardware are very much relevant. These computers have measures to prevent any form of data copy so no networking, blocked USD storage. So even if you manage to sneak malware in (say you compromise a software vendor and inject malware in their code), you still wouldn't be able to get the data out. This can be used for that.

If you are thinking about how this would be useless in a modern datacenter or an enterprise workspace, you missed the point entirely. Modern datacenters are the polar opposite of an air-gapped facility.
 
Last edited:
I didn't see the SDR antenna and receiver in the video. I'd imagine the signal through a secure server's steel window-less rack-mounted chassis would do a rather pretty good job shielding its internals from short-range RF tricks. If you are going to use RF hardware this sensitive, then an easier lower-tech approach would be to create a power virus that modulates power draw to encode data and do your RF attack on the power lines, you'd probably be able to do 1kbps that way.


escksu said:
Computers are mostly placed in racks. You need to clearance around the racks in order to access it for maintenace and installation.
Click to expand...
Typical rows of racks only give you access to the front and back. If you need access through the top or sides, you have to pull stuff out.
 
TwoSpoons100 said:
Would have made more sense to hit the mouse or keyboard cable : fully exposed, longer, and generally crappier cable than SATA. And operate at a lower frequency than 6GHz for more range.
And as has been pointed out - if someone can get this spyware onto an air-gapped machine, then there are bigger problems to fix than shielding the SATA cables!
Click to expand...
If it's attacking a server, chances are there's no keyboard, mouse, or even display attached, so the signal would have to be generated internally.

That said, if you have enough access to plug in a USB drive to install the software needed for this, then why bother with this? Just copy what you want to the USB drive and leave. Unless you're doing a Stuxnet with USB drive left around a parking lot ...

Funny, in ancient days, there was software that would play a tune with a Radio Shack Model 1 (aka broadband RFI generator) using a BASIC program containing instructions that generated RFI that would be picked up as tones by a AM radio next to the computer. What's old is new again...
 
That's 1 meter in an all metal case. I wonder if the range is further with the whole tempered glass fad. Then again a lot of people who have tempered glass side(s) also have unicorn puke LEDs which might mitigate some of the extra interference.
 
sycoreaper said:
That's 1 meter in an all metal case. I wonder if the range is further with the whole tempered glass fad. Then again a lot of people who have tempered glass side(s) also have unicorn puke LEDs which might mitigate some of the extra interference.
Click to expand...
Anyone with a tempered glass case does not have any data valuable enough for an attack like this.
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom