Air-gap attack methods (a new air-gap attack technique) (1)

A newly devised method for leaking information across an air gap uses Serial Advanced Technology Attachment (SATA, or Serial ATA) cables as the transmission medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic covert channels already demonstrated to exfiltrate data.

"Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6GHz frequency band," Dr. Mordechai Guri, head of R&D at the Cyber Security Research Center at Ben-Gurion University of the Negev in Israel, wrote in a paper published last week.

The technique, dubbed SATAn, takes advantage of how widespread this bus interface is, which makes it "highly available to attackers in a wide range of computer systems and IT environments."

Put simply, the goal is to use the SATA cable as a covert channel: the attacker's code on the isolated machine drives the cable so that it emanates electromagnetic signals, and a small amount of sensitive information is transferred wirelessly from the highly secured, air-gapped computer to a nearby receiver more than 1 m away. The channel is low-bandwidth and short-range, so it is suited to leaking brief secrets rather than bulk data.

An air-gapped network is one that is physically isolated from all other networks in order to raise its security. Air-gapping is regarded as an essential mechanism for safeguarding high-value systems that are of great interest to espionage-motivated threat actors.

That said, attacks targeting critical mission-control systems have grown in number and sophistication in recent years, as seen in the cases of Industroyer 2 and PIPEDREAM (aka INCONTROLLER).

Dr. Guri is no stranger to devising novel techniques for extracting sensitive data from offline networks; since the start of 2020 he has published four different approaches that exploit various side channels to siphon information covertly.

These include BRIGHTNESS (LCD screen brightness), POWER-SUPPLaY (the power supply unit), AIR-FI (Wi-Fi-band signals), and LANtenna (Ethernet cables). The latest approach follows the same pattern, using the Serial ATA cable to achieve the same goal.

Serial ATA is a bus interface, the successor to the parallel ATA (IDE) interface, used to transfer data at higher rates to mass storage devices. Its chief use is to connect hard disk drives (HDD), solid-state drives (SSD), and optical drives (CD/DVD) to the computer's motherboard.

Unlike breaching a conventional network by means of spear-phishing or watering-hole attacks, compromising an air-gapped network requires more involved strategies, such as a supply-chain attack, removable media (e.g., USBStealer and USBFerry), or a rogue insider, to plant the malware.

For an adversary whose aim is to steal confidential information, financial data, and intellectual property, the initial penetration is only the start of the attack chain; it is followed by reconnaissance, data gathering, and finally data exfiltration from workstations that contain active SATA interfaces.

In the final data-reception phase, the transmitted data is captured either by a hidden receiver or by a malicious insider who carries a radio receiver near the air-gapped system. "The receiver monitors the 6GHz spectrum for a potential transmission, demodulates the data, decodes it, and sends it to the attacker," Dr. Guri explained.
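To make the transmit/receive split concrete, here is a toy model of the channel as an added example; it is not code from the paper or from the article. Bits are sent with on-off keying: each bit gets a fixed time slot, a '1' slot is filled with storage I/O (which in the real attack radiates from the SATA cable) and a '0' slot is left idle. The receiver is simulated as a trace of RF power samples from which slot timing, the preamble, and the payload are recovered. The slot length, preamble, framing, power levels and noise are assumptions chosen for the demo, not measured values from the paper.

```python
"""Toy SATAn-style OOK covert channel (added example; assumed parameters)."""
import random
from statistics import mean

SAMPLES_PER_SLOT = 8                  # assumed: receiver samples per bit slot
PREAMBLE = [1, 0, 1, 0, 1, 1, 0, 0]   # assumed framing pattern
ON_LEVEL = 3.0                        # assumed extra power while the link is busy
NOISE_SD = 0.4                        # assumed receiver noise (same units)


def bytes_to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))


def frame(payload):
    """Preamble, an 8-bit length field, then the payload (assumed framing)."""
    if not 0 < len(payload) < 256:
        raise ValueError("payload must be 1..255 bytes")
    return PREAMBLE + bytes_to_bits(bytes([len(payload)])) + bytes_to_bits(payload)


def transmit(payload, slot_action):
    """Transmitter side: call slot_action(active) once per bit slot. On the
    air-gapped host this callback would generate (active=True) or withhold
    (active=False) disk reads/writes for the duration of the slot."""
    for bit in frame(payload):
        slot_action(bool(bit))


def simulate_trace(payload, lead_in=5, seed=1):
    """Constructed receiver trace: Gaussian noise plus ON_LEVEL during '1'
    slots, with a few idle samples before and after so the frame is not
    aligned to the receiver's slot grid."""
    rng = random.Random(seed)
    samples = [rng.gauss(0.0, NOISE_SD) for _ in range(lead_in)]
    for bit in frame(payload):
        level = ON_LEVEL if bit else 0.0
        samples.extend(level + rng.gauss(0.0, NOISE_SD) for _ in range(SAMPLES_PER_SLOT))
    samples.extend(rng.gauss(0.0, NOISE_SD) for _ in range(lead_in))
    return samples


def slot_levels(samples, offset):
    """Average power per slot, starting at the given sample offset."""
    n = (len(samples) - offset) // SAMPLES_PER_SLOT
    return [mean(samples[offset + k * SAMPLES_PER_SLOT: offset + (k + 1) * SAMPLES_PER_SLOT])
            for k in range(n)]


def demodulate(samples):
    """Receiver side: recover slot timing, threshold each slot into a bit,
    find the preamble and return the payload bytes (None if no frame)."""
    best = None
    for offset in range(SAMPLES_PER_SLOT):
        levels = slot_levels(samples, offset)
        if len(levels) < len(PREAMBLE) + 8:
            continue
        threshold = (max(levels) + min(levels)) / 2
        # The slot-aligned offset keeps every slot far from the threshold;
        # misaligned offsets smear 0/1 boundaries and score lower.
        score = mean(abs(v - threshold) for v in levels)
        if best is None or score > best[0]:
            best = (score, [1 if v > threshold else 0 for v in levels])
    if best is None:
        return None
    bits = best[1]
    for start in range(len(bits) - len(PREAMBLE) - 8 + 1):
        if bits[start:start + len(PREAMBLE)] != PREAMBLE:
            continue
        hdr = start + len(PREAMBLE)
        length = bits_to_bytes(bits[hdr:hdr + 8])[0]
        body = bits[hdr + 8: hdr + 8 + 8 * length]
        if length == 0 or len(body) < 8 * length:
            continue
        return bits_to_bytes(body)
    return None


if __name__ == "__main__":
    print(demodulate(simulate_trace(b"secret")))
```

The receiver has no clock shared with the transmitter, which is why it first searches over sample offsets for the slot alignment that gives the cleanest separation between busy and idle slots; a real receiver monitoring the 6 GHz band faces the same problem, plus drift, which is what the preamble is for.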

As countermeasures, the paper recommends preventing the threat actor from gaining an initial foothold in the first place; using an external radio frequency (RF) monitoring system to detect anomalous emissions in the 6 GHz band from the air-gapped system; or, alternatively, jamming the channel by polluting the SATA link with random read and write operations when suspicious covert-channel activity is detected. Note that the RF monitor has to cover the same short range over which the channel works, and that jamming costs disk bandwidth and wear, so it is best triggered by detection rather than run continuously.
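The host-side half of that last countermeasure can be sketched as an added example (not the paper's or the article's code): a detector that looks for the fingerprint an OOK transmitter leaves in the disk I/O counters (bursts that are either saturated or idle, in runs whose lengths are integer multiples of one bit slot) and a jammer that floods the link with random reads and writes when it fires. The per-window series of bytes written is assumed to be sampled externally (on Linux, from /proc/diskstats); the window size, thresholds, run-length heuristic and the sample series are constructed for the demo, not values from the paper.

```python
"""Heuristic SATAn detector and I/O jammer (added example; assumed thresholds)."""
import math
import os
import random
import time

WINDOW_MS = 100   # assumed sampling interval of the activity series


def run_lengths(flags):
    """Lengths of consecutive runs of equal values: [T,T,F,T] -> [2,1,1]."""
    lengths, last = [], None
    for flag in flags:
        if flag == last:
            lengths[-1] += 1
        else:
            lengths.append(1)
            last = flag
    return lengths


def looks_like_ook(series, min_slot=3, min_runs=8, tolerance=1, required=0.9,
                   active_fraction=0.2):
    """True if the activity series looks like slot-quantized on/off signalling:
    every busy/idle run is (within `tolerance` windows) a multiple of the
    shortest run, and that shortest run is at least `min_slot` windows long.
    Ordinary bursty workloads fail the test because they contain short,
    irregular runs; periodic jobs (polling, cron) can false-positive."""
    peak = max(series)
    if peak <= 0:
        return False
    flags = [v > active_fraction * peak for v in series]
    lengths = run_lengths(flags)[1:-1]   # edge runs may be cut by the window
    if len(lengths) < min_runs:
        return False
    slot = min(lengths)
    if slot < min_slot:
        return False
    aligned = sum(1 for n in lengths if min(n % slot, slot - n % slot) <= tolerance)
    return aligned / len(lengths) >= required


def jam(path, seconds, file_size=8 << 20, max_chunk=1 << 20, max_gap=0.05, seed=None):
    """Pollute the SATA link with random-sized, randomly timed writes and reads
    so a transmitter's on/off pattern is no longer recoverable. Returns bytes
    written. `path` is a scratch file on the drive behind the SATA cable."""
    rng = random.Random(seed)
    written = 0
    deadline = time.monotonic() + seconds
    with open(path, "w+b") as f:
        f.truncate(file_size)
        while time.monotonic() < deadline:
            size = rng.randrange(4096, max_chunk + 1, 4096)
            f.seek(rng.randrange(0, file_size - size + 1, 4096))
            f.write(os.urandom(size))
            f.flush()
            os.fsync(f.fileno())          # push the traffic onto the drive now
            if hasattr(os, "posix_fadvise"):   # drop cache so reads hit the disk
                os.posix_fadvise(f.fileno(), 0, 0, os.POSIX_FADV_DONTNEED)
            f.seek(rng.randrange(0, file_size - size + 1, 4096))
            f.read(size)
            written += size
            time.sleep(rng.uniform(0, max_gap))
    os.remove(path)
    return written


def covert_series():
    """Constructed: a transmitter sending the preamble plus 'Ab', one bit per
    5 windows; '1' saturates the link, '0' leaves only background writes."""
    bits = [1, 0, 1, 0, 1, 1, 0, 0] + [(b >> i) & 1 for b in b"Ab" for i in range(7, -1, -1)]
    slots = [b for b in bits for _ in range(5)]
    return [3_000_000 + (i * 7919) % 200_000 if bit else (i * 31) % 40_000
            for i, bit in enumerate(slots)]


def normal_series():
    """Constructed: a smoothly varying workload such as an indexing job."""
    return [int(abs(math.sin(i * 0.37)) * 1_000_000) for i in range(120)]


if __name__ == "__main__":
    print("covert:", looks_like_ook(covert_series()))
    print("normal:", looks_like_ook(normal_series()))
```

The detector is deliberately conservative: it needs several runs and a slot of at least a few windows before it flags anything, because the cost of a false positive is a burst of jamming I/O on a production host. Tune `min_slot` to the slowest bit rate you care about, and pair it with the external RF monitor the paper recommends rather than relying on either alone.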

Great perfection seems deficient, yet its use is never worn out. Great fullness seems empty, yet its use is inexhaustible. Great straightness seems bent, great skill seems clumsy, great eloquence seems halting.

From the Tao Te Ching, Chapter 45

This article is translated from:

https://thehackernews.com/2022/07/new-air-gap-attack-uses-sata-cable-as.html

If reposting, please credit the original address.

My translation skills are limited :(

Where there is ambiguity, please defer to the original :)
