Hackers use your home network cable as an “antenna” to read electromagnetic signals and steal data
Do you think a network cable is very secure?
The fact is that there is now a possible way to steal your data without damaging the cable, just by reading the electromagnetic signal emanating from it.
Even a very secure system that is physically isolated from the Internet can be breached.
The researchers say that the equipment used is not complicated: it is off-the-shelf and costs only $30.
What makes it so impressive?
Using a network cable as an “antenna”
The physical isolation system mentioned earlier refers to air-gapped networks.
An air-gapped network is a network security measure that minimizes the risk of information leakage and other cyber threats by physically isolating a computer from other networks (a machine’s wired/wireless network interface is permanently disabled or physically removed).
Many government and military secret agencies and enterprises use this method to store their most important data.
If you want to get some data out of this network, you can only use physical devices such as USB flash drives.
Back to the topic, how did the Israeli researchers steal the data with this attack method?
This is a new type of electromagnetic attack.
First, malware inside the air-gapped network gathers the sensitive data, which is then signaled out by radio waves emanating from the network cable.
At this point, the network cable acts like an antenna.
The sensitive data is modulated onto these signals in binary form.
The malware was written by the researchers and can be launched from a normal user-level process without root privileges, even in a virtual machine (regardless of how it is implanted).
In addition, different types of cable radiate in different frequency bands, such as 0-250 MHz for Category 6 cables, 0-500 MHz for Category 6a cables, and 0-700 MHz for Category 7 cables.
Then a receiver is placed at a maximum distance of four meters from the cable to intercept the signal.
Four meters is fairly close, but the researchers say that if the antenna used in the current device (priced at $1) is replaced by a dedicated one, the attack range could reach tens of meters.
The receiver consists of an R820T2-based tuner and a HackRF unit, and is calibrated to the 250 MHz band for optimum reception efficiency.
Finally, the intercepted data can be decoded by a simple algorithm and sent to the attacker.
As for how the receiver gets into the air-gapped network, the researchers say it may be carried by insiders or hidden in the relevant area, as long as it is close enough to the network cable, up to 4 meters away.
In a specific experiment, the data (alternating sequence “01010101…”) transmitted from the air-gapped system via the Ethernet cable was received at a distance of 2 meters with a signal frequency band around 125.010MHz.
However, all of this requires slowing the transmission of UDP packets on the target cable down to a very low rate.
So not only is the amount of data it can steal at one time pitiful, but it is also incredibly slow.
In reality, it is impractical to eavesdrop on network traffic at such a level, so this technology is now in the proof-of-concept stage, and it is hard to say when it will be deployed as a fully-fledged attack method.
But the technology opens the door to research into cable-sniffing attacks.
A professor at the University of Surrey also hailed the discovery as a good reminder that what you might think of as an airtight air-gapped system can be “chattering” on the airwaves.
Finally, if the air-gapped network is actually breached in this way, what countermeasures can be taken?
The researchers recommend disabling any radio receivers in and around air-gapped networks, monitoring network interface card link activity for any covert channel, jamming the channel, or using metal shielding to limit electromagnetic emissions.
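One way to approach the link-activity monitoring mentioned above, as an added example that is not from the researchers or the original article: a Python heuristic that flags a host whose per-slot UDP packet counts look like on/off keying, meaning near-identical bursts alternating with silence. The function name, thresholds and slot-count input are assumptions, and the sample data is constructed.

```python
from statistics import mean, pstdev

def keying_report(counts, idle_max=2, min_transitions=8, max_cv=0.15):
    """Score one host's UDP packet counts per fixed-length time slot.

    A slot is "on" when it carries more than idle_max packets. Binary
    on/off keying shows many on/off transitions AND bursts of almost
    identical size; ordinary bursty traffic has widely varying bursts.
    All thresholds are illustrative assumptions, not published values.
    """
    bits = [1 if c > idle_max else 0 for c in counts]
    on = [c for c in counts if c > idle_max]
    transitions = sum(a != b for a, b in zip(bits, bits[1:]))
    if len(on) < 2:
        return {"bits": "".join(map(str, bits)), "transitions": transitions,
                "burst_cv": None, "suspicious": False}
    # Coefficient of variation of burst sizes: low means "fixed amplitude".
    burst_cv = pstdev(on) / mean(on)
    return {
        "bits": "".join(map(str, bits)),
        "transitions": transitions,
        "burst_cv": round(burst_cv, 3),
        "suspicious": transitions >= min_transitions and burst_cv <= max_cv,
    }

# Constructed samples: packets per slot for three hosts.
SAMPLES = {
    # Alternating bursts and silence, like the "01010101..." test pattern.
    "keyed": [200, 0, 198, 1, 201, 0, 199, 0, 202, 0, 200, 1, 197, 0, 200, 0],
    # Ordinary bursty traffic: many transitions, but uneven burst sizes.
    "bursty": [12, 340, 0, 55, 3, 0, 0, 410, 96, 7, 0, 180, 22, 0, 64, 5],
    # Constant stream: uniform size, but no on/off transitions.
    "steady": [200] * 16,
}

def flagged_hosts(samples=SAMPLES):
    """Return the names of hosts whose traffic matches the keying pattern."""
    return [h for h, c in samples.items() if keying_report(c)["suspicious"]]

if __name__ == "__main__":
    for host, counts in SAMPLES.items():
        print(host, keying_report(counts))
```

The "bursty" sample has as many transitions as the threshold requires but is not flagged, which is why the burst-size check is needed alongside the transition count.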