Airgapping refers to running a machine or machines without connections to external networks. Literally, a gap of air exists between the machine and the outside world. These measures present a challenge to those wishing to exfiltrate data from such a machine, leading to some creative hacks. [Jacek] has recently been experimenting with leaking data via Ethernet adapters.
The hack builds on [Jacek]’s earlier work with the Raspberry Pi 4, in which the onboard adapter is rapidly switched between 10 and 100 Megabit modes to create a signal that can be picked up via radio up to 100 meters away. Since then, [Jacek] determined the Raspberry Pi 4, or at least his particular one, seems to be very leaky of RF energy from the Ethernet port. He decided to delve deeper by trying the same hack out on other hardware.
Using a pair of Dell laptops connected back to back with an Ethernet cable, the same speed-switching trick was employed. However, most hardware takes longer to switch speeds than the Pi 4; usually on the order of 2-5 seconds. This limited the signalling speed, but [Jacek] was able to set this up to exfiltrate data using QRSS, also known as very slow speed Morse code. The best result was picking up a signal from 10 meters away, although [Jacek] suspects this could be improved with better antenna hardware.
While slow data rates and the one-way nature of such communication limit the utility of such an attack, it nonetheless shows that securing a machine isn’t as simple as unplugging it from the network. We’ve done a feature on such hacks before for those interested in learning more. Video after the break.
Continue reading “Leaking Data Slowly By Switching Ethernet Speeds”