SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

This paper introduces a new type of attack on isolated, air-gapped workstations. Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6 GHz frequency band. The Serial ATA (SATA) is a bus interface widely used in modern computers and connects the host bus to mass storage devices such as hard disk drives, optical drives, and solid-state drives. The prevalence of the SATA interface makes this attack highly available to attackers in a wide range of computer systems and IT environments. We discuss related work on this topic and provide technical background. We show the design of the transmitter and receiver and present the implementation of these components. We also demonstrate the attack on different computers and provide the evaluation. The results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver. Furthermore, we show that the attack can operate from user mode, is effective even from inside a Virtual Machine (VM), and can successfully work with other running workloads in the background. Finally, we discuss defense and mitigation techniques for this new air-gap attack.

Original languageEnglish
Title of host publication2022 19th Annual International Conference on Privacy, Security and Trust, PST 2022
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1-10
Number of pages10
ISBN (Electronic)9781665473989
DOIs
StatePublished - 2022
Event19th Annual International Conference on Privacy, Security and Trust, PST 2022 - Fredericton, Canada
Duration: 22 Aug 202224 Aug 2022

Publication series

Name2022 19th Annual International Conference on Privacy, Security and Trust, PST 2022

Conference

Conference19th Annual International Conference on Privacy, Security and Trust, PST 2022
Country/TerritoryCanada
CityFredericton
Period22/08/2224/08/22

Keywords

  • SATA
  • covert channels
  • leakage
  • electromagnetic
  • exfiltration
  • network
  • air-gap

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables'. Together they form a unique fingerprint.

Cite this