在 Hacker News 首頁上看到「SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables」這個,透過 SATA 界面產生的電磁訊號突破 Air Gap 限制傳輸資料,對應的討論在「SATAn: Air-Gap Exfiltration Attack via Radio Signals from SATA Cables (arxiv.org)」。
Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6 GHz frequency band.
翻了一下論文裡面提到的距離,在 PC-1 上測試到 120cm,對應的 SNR 有 9db:
Table IV presents the signal-to-noise ratio (SNR) received with the three transmitting computers. The signal transmitted from PC-1 has a strength of 20 dB at 30 cm to 9 dB at 120 cm apart. The signal generated from PC-1 and PC-2 were significantly weaker, with 15 dB at 60 cm (PC-2) and 7 dB at 30 cm (PC-3).
另外大概是 PoC 的關係,只有簡單測一下是可行的 (對於真的有利用 air gap 的環境當作一種保護機制的威脅就夠大了),看起來沒有測極限可以跑多快:
We transmitted the data with a bit rate of 1 bit/sec, which is shown to be the minimal time to generate a signal which is strong enough for modulation.
關於反制的部份,這類的技術 (透過電磁訊號) 之前在其他的裝置上都有發生過,目前的 air gap 標準應該都有電磁訊號洩漏的防範了,這篇主要還是在展示 SATA 也可以這樣搞 XD