Researchers have devised a unique and inexpensive strategy to exfiltrate data from air-gapped networks. Dubbed LANTENNA, the attack involves cheap equipment to sniff data wirelessly from the target air-gapped networks.
LANTENNA Attack Sniffs Air-gapped Networks Via Ethernet Cables
A team of academic researchers from Ben-Gurion University of the Negev, Israel, have shared another attack strategy aiming at air-gapped systems. This time, they have proposed LANTENNA, an attack that exploits Ethernet cables to sniff data. Specifically, it exploits the radio waves generated from the cables to exfiltrate the data.
Briefly, air-gapped networks often store sensitive data of the organizations. Hence, they are kept off the internet for safety purposes. Instead, they are interconnected via LAN built on Ethernet cables (instead of wireless connections).
The entire strategy involves infecting the target air-gapped system with malware (for instance, via a USB or supply-chain attack). the malware then encodes the stolen data over the radio waves of the Ethernet cable in the network. In this way, the cable works as an “antenna” generating “signals” with “data” that a nearby device can receive. The receiver hardware then decodes the radio waves to decipher the stolen data.
The following video demonstrates LANTENNA attack.
Besides, the researchers have shared the details about this study in a research paper.
Suggested Countermeasures
Regarding the countermeasures, the researchers propose strategies that block radio emanations from the Ethernet cable.
The simplest way to achieve this goal is to shield the cables via metal shielding. Whereas, the other suggested mitigations include signal jamming, prohibiting any radio receivers near the air-gapped networks, deploying a hypervisor-level firewall to block outgoing data packets.
Another strategy is to detect any anomalies in the LANTENNA band (125 MHz) via RF detectors. However, the researchers state that this method may generate more false positives.
This isn’t the first study on air-gapped systems security from the researchers. Earlier, they have proposed numerous such methods that demonstrate how air-gapped systems may become vulnerable.
