Researchers have demonstrated how an unmodified USB device can be turned into a radio frequency (RF) transmitter and leveraged to exfiltrate potentially sensitive data from air-gapped computers.
In the past years, experts from the Cyber Security Research Center at Ben-Gurion University of the Negev in Israel analyzed methods for exfiltrating data using cellular frequencies, noise from fans and hard drives, electromagnetic signals from graphics cards, and heat emitted by the CPU and GPU.
Now they have come up with a new method that involves an unmodified USB device and an experimental piece of malware dubbed “USBee.”
Using USB devices to exfiltrate data from secure systems over RF is not unheard of. NSA documents leaked in 2013 showed that the agency’s toolset included such capabilities. Inspired by the NSA, white hat hackers later created a hardware implant with similar capabilities. However, these tools rely on modified USB connectors, whereas researchers have found a way to exfiltrate data using unmodified devices.
USBee is designed to leverage the USB data bus to create electromagnetic emissions from a connected device. The malware can modulate binary data over the electromagnetic waves and send it to a nearby receiver.
Experts determined that sending a sequence of “0” bits to a USB device, such as a flash drive or an external hard drive, generates electromagnetic radiation. By intentionally sending a certain sequence of “0” bits from the targeted computer to the connected USB device, the malware can generate electromagnetic radiation at specific frequencies, which can represent either a “1” bit or a “0” bit.
The data can then be captured by a nearby receiver. In their experiments, researchers used a $30 RTL-SDR software-defined radio connected to a laptop and managed to transfer data at rates of up to 80 bytes per second. This is a fairly high transfer rate that can allow the malware to transfer strong passwords and encryption keys within seconds.
The data can be transferred over a considerable distance, as shown in this video made by Ben-Gurion University researchers:
Researchers have proposed several countermeasures, such as banning electronic equipment near sensitive computers, using antiviruses and intrusion detection systems, and shielding components to prevent electromagnetic emissions. However, experts noted that these methods might not always be very efficient or feasible. For instance, in the case of intrusion detection systems set up to detect certain patterns, they could result in a high rate of false positives.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Hive Ransomware Operation Shut Down by Law Enforcement
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
- Dozens of Cybersecurity Companies Announced Layoffs in Past Year
- Security Update for Chrome 109 Patches 6 Vulnerabilities
- New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch
- Forward Networks Raises $50 Million in Series D Funding
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
