Just when you thought it was safe to use your computer.
A new exploit allows attackers to use SATA cables as antennae to transmit radio signals in the 6GHz frequency band. SATA or Serial ATA is the current standard for disk drives and optical drives in most computers. In other words it’s everywhere.
The system allows attackers to transmit data directly from an air-gapped computer – a machine that is not connected to the Internet – which results in a massive security problem for most major manufacturers.
“The results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver,” writes Mordechai Guri of Ben-Gurion University of the Negev, Israel. “Furthermore, we show that the attack can operate from user mode, is effective even from inside a Virtual Machine (VM), and can successfully work with other running workloads in the background. Finally, we discuss defense and mitigation techniques for this new air-gap attack.”
You can read the entire paper here but rest assured that while SATA is a very prevalent standard it’s going to be pretty hard to install this exploit in the wild without direct access to the machine.
Once the malware is installed on the machine, writes Guri, the attacker can then exfiltrate the data by listening on the 6GHz channel.
“A malicious insider or visitor [can] carry a radio receiver nearby the air-gapped computer, for instance, within a laptop. The receiver monitors the 6 GHz spectrum for a potential transmission, demodulates the data, decodes it, and sends it to the attacker,” he wrote.