The Cyber Security Research Center at Ben-Gurion University of the Negev in Israel has demonstrated a new data breach mechanism, dubbed the LANTENNA Attack, that uses Ethernet cables as “transmission antennas” to steal sensitive data from physically isolated systems.
The head of the research centre, Dr Mordechai Guri, further explained that LANTENNA is a new type of electromagnetic attack that works by collecting sensitive data by physically isolating malicious code in a computer, then encoding it through radio waves emitted by an Ethernet cable, to nearby software A Defined Radio (SDR) receiver wirelessly intercepts the signal, decodes the data, and sends it to an attacker in an adjacent room.
During testing, the researchers found that Ethernet cables generate electromagnetic radiation in the 125MHz frequency band, which can be intercepted by a nearby radio receiver; data leaked from physically isolated computers, transmitted through the Ethernet cable, can be intercepted at distances of up to 200 centimeters. Receive; In this attack scenario, the premise is that the attacker must have physical access to the system, for example by exploiting a malicious insider or tricking someone with access to the system to connect an infected USB drive.
“Notably, malicious code can run in a normal user-mode process and successfully run inside a virtual machine,” the researchers noted.
Based on the above characteristics, the researchers propose several defense measures that can be used against LANTENNA attacks, such as:
Enforcing isolation of physical network areas and banning radio receivers;
Monitor network interface card link activity at user and kernel level, any change in link state should trigger an alert;
Use RF monitoring hardware to identify abnormalities in the LANETNNA frequency band;
Block covert channels by interfering with the LANTENNA band;