New SATAn attack allows to steal data from air-gapped systems

  • Thread starter Security feed from CyberSecurity Help
  • Start date

Security feed from CyberSecurity Help


Security researchers found a new way to steal information from air-gapped systems. The new method named “SATAn” makes use of the Serial ATA (SATA) cables as a wireless antenna to transmit data from a breached system to a nearby receiver.

“Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6 GHz frequency band,” reads a recent paper by the researchers at the Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev (Israel).

SATA is a bus interface widely used in modern computers to connect the host bus to mass storage devices such as hard disk drives, optical drives, and SSDs.

The researchers found out that the SATA 3.0 cables generate electromagnetic emissions in various frequency bands, including 1 GHz, 2.5 GHz, 3.9 GHz, and +6 GHz. They explained that “the most significant correlation with the data transmission spans from 5.9995 GHz to 5.9996 GHz.” The researchers’ goal was to use the SATA cable to control the electromagnetic emission.

The researchers also explained that the attack can operate from user mode. The method is effective even from inside a Virtual Machine (VM), and can successfully work with other running workloads in the background. However, on the VMs the attack effectiveness is significantly reduced.

It turned out that reading operations on SATA produce stronger signals than writing ones. It makes the attack even easier because reading requires less privileges.

Adblock test (Why?)