Researchers pinpoint a new cyber-attack technique using SATA cables

• Security researchers have warned about a new cyber-attack technique, which is called SATAn.
• The technique uses SATA cables as wireless antennas to transfer radio signals at the 6 GHz frequency band.
• The method is also effective from inside a Virtual Machine.

Security researchers at the Department of Software and Information Systems Engineering of Ben-Gurion University located in Negev, Israel warned about a new cyber-attack technique they discovered. The new technique, which is called SATAn, focuses on stealing data from air-gapped systems. It uses SATA cables as wireless antennas to be able to transmit data from a compromised PC.

Using SATA cables as antennas

Researchers stated that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6 GHz frequency band even though the air-gap computers don’t have wireless connectivity. The research states that the design of the transmitter and receiver and present the implementation of these components allows researchers to demonstrate the attack on different computers.

The demonstration showed that SATA cables can be used to transfer a brief amount of sensitive information from air-gap computers wirelessly to a nearby receiver. The attack can operate from user mode, is effective even from inside a Virtual Machine (VM), and can successfully work with other running workloads in the background. The team said,

« We show that attackers can exploit the SATA cable as an antenna to transfer radio signals in the 6 GHz frequency band by using non-privileged read() and write() operations. Notably, the SATA interface is highly available to attackers in many computers, devices, and networking environments. We discuss related work and provide technical background. We show the design of the covert channel and present the implementation of the transmitter and receiver. The results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver more than 1m away. We also show that the attack can operate from user mode and is effective even from inside a guest VM. We also discuss preventive and protective countermeasures to this covert channel attack. »