USBee: Leaking Data from Air-Gapped Computers and Receiving it with an RTL-SDR

This Monday researchers from Ben-Gurion University of Negev released an academic paper detailing their research in showing how attackers could cause your PC to wirelessly leak data. They write that usually covertly modified USB devices are required to leak data, as is the case with the NSA’s COTTONMOUTH device which is detailed in their ANT catalog. However, the innovation from these researchers is that their own implementation can be used to turn any unmodified USB device into a make shift transmitter.

The attack works by first infecting a computer with their malware software. The malware then utilizes the USB data bus to create electromagnetic emissions on a connected USB device. In these tests they use a USB flash drive and write a file to the device in such a way that the emissions produced are transmitting decodable data. They write that any binary data can be modulated and transmitted to a nearby receiver, such as an RTL-SDR dongle. Data rates can reach up to 80 bytes/s.  The data is modulated with binary frequency shift keying, and their receiver code is implemented in GNU Radio.

This story has also been featured on arstechnica and threatpost. The video below demonstrates the attack.

USBee: Jumping the air-gap with USB

Tweet10
Share26
Reddit
Vote
Email
36 Shares

Related posts:

  1. Receiving and Decoding Data from an Esophageal Monitor Inside the Body
  2. Receiving Urban Drainage And Flood Control Weather Sensors
  3. Controlling Siri and Google Now with a Yagi and USRP
  4. Stealing Encryption Keys from PCs using Software Defined Radio and Unintentional Electromagnetic Emissions
  5. Using a Yardstick One, HackRF and Inspectrum to Decode and Duplicate an OOK Signal

Post a comment

You may use the following HTML:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>