Researchers have demonstrated how an unmodified USB device can be turned into a radio frequency (RF) transmitter and leveraged to exfiltrate potentially sensitive data from air-gapped computers.
In the past years, experts from the Cyber Security Research Center at Ben-Gurion University of the Negev in Israel analyzed methods for exfiltrating data using cellular frequencies, noise from fans and hard drives, electromagnetic signals from graphics cards, and heat emitted by the CPU and GPU.
Now they have come up with a new method that involves an unmodified USB device and an experimental piece of malware dubbed “USBee.”
Using USB devices to exfiltrate data from secure systems over RF is not unheard of. NSA documents leaked in 2013 showed that the agency’s toolset included such capabilities. Inspired by the NSA, white hat hackers later created a hardware implant with similar capabilities. However, these tools rely on modified USB connectors, whereas researchers have found a way to exfiltrate data using unmodified devices.
USBee is designed to leverage the USB data bus to create electromagnetic emissions from a connected device. The malware can modulate binary data over the electromagnetic waves and send it to a nearby receiver.
Experts determined that sending a sequence of “0” bits to a USB device, such as a flash drive or an external hard drive, generates electromagnetic radiation. By intentionally sending a certain sequence of “0” bits from the targeted computer to the connected USB device, the malware can generate electromagnetic radiation at specific frequencies, which can represent either a “1” bit or a “0” bit.
The data can then be captured by a nearby receiver. In their experiments, researchers used a $30 RTL-SDR software-defined radio connected to a laptop and managed to transfer data at rates of up to 80 bytes per second. This is a fairly high transfer rate that can allow the malware to transfer strong passwords and encryption keys within seconds.
The data can be transferred over a considerable distance, as shown in this video made by Ben-Gurion University researchers:
Researchers have proposed several countermeasures, such as banning electronic equipment near sensitive computers, using antiviruses and intrusion detection systems, and shielding components to prevent electromagnetic emissions. However, experts noted that these methods might not always be very efficient or feasible. For instance, in the case of intrusion detection systems set up to detect certain patterns, they could result in a high rate of false positives.