LANtenna attack allows exfiltrating data from Air-Gapped systems via Ethernet cables

Boffins devised a new technique, dubbed LANtenna, to exfiltrate data from systems in air-gapped networks using Ethernet cables as a “transmitting antenna.”

Security researchers from the Cyber Security Research Center in the Ben Gurion University of the Negev (Israel) devised a new data exfiltration mechanism, dubbed LANtenna Attack, that leverages Ethernet cables as a “transmitting antenna” to steal sensitive data from air-gapped systems.

360 Mobile Vision - North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

The research group lead by Dr. Mordechai Guri explained that data siphoned from air-gapped systems are encoded over radio waves emanating from Ethernet cables. Then data can be intercepted by a nearby software-defined radio (SDR) receiver wirelessly, decoded, and sent to an attacker who is in an adjacent room.

“LANTENNA – a new type of electromagnetic attack allowing adversaries to leak sensitive data from isolated, air-gapped networks. Malicious code in airgapped computers gathers sensitive data and then encodes it over radio waves emanating from the Ethernet cables, using them as antennas. A nearby receiving device can intercept the signals wirelessly, decode the data, and send it to the attacker.” reads the paper published by the researchers. “Notably, the malicious code can run in an ordinary user-mode process and successfully operate from within a virtual machine.”


The experts explained that often air-gapped networks are wired with Ethernet cables since wireless connections are strictly prohibited to avoid data leaks.

The researchers used malware to exfiltrate collected data, modulating it, and transmitting wirelessly via the radio waves emanating from the Ethernet cables.

The electromagnetic emissions are generated by the Ethernet cable in the frequency bands of 125 MHz that can be intercepted by a nearby radio receiver.

In a test conducted by the researchers, data exfiltrated from an air-gapped computer was transmitted through the Ethernet cable and was received at a distance of 200 cm apart.

In a read attack scenario, threat actors have to physically compromise the air.gapped system, for example by leveraging a malicious insider or tricking personnel with access to the system into connecting an infected USB drive.

The researchers proposed several defensive measures that can be adopted against the LANTENNA attack such as:

  • implementing zone separation banning radio receiver from the area of air-gapped networks;
  • monitoring the network interface card link activity at the user and kernel levels. Any change of the link state
    should trigger an alert;
  • using RF monitoring hardware equipment to identify anomalies in the LANETNNA frequency bands;
  • blocking the covert channel by jamming the LANTENNA frequency bands;
  • Cable Shielding;

“This paper shows that attackers can exploit the Ethernet cables to exfiltrate data from air-gapped networks,” the researchers concluded. “Malware installed in a secured workstation, laptop, or embedded device can invoke various network activities that generate electromagnetic emissions from Ethernet cables.”

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, LANtenna Attack)

The post LANtenna attack allows exfiltrating data from Air-Gapped systems via Ethernet cables appeared first on Security Affairs.

By admin