Skip to main content

The world’s most sensitive data could be vulnerable to this new hack

A possible security attack has just been revealed by researchers, and while difficult to carry out, it could potentially endanger some of the most sensitive data in the world.

Dubbed “SATAn,” the hack turns a typical SATA cable into a radio transmitter. This permits the transfer of data even from devices that would otherwise not allow it at all.

SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables

As data protection measures grow more advanced and cyberattacks become more frequent, researchers and vicious attackers alike reach new heights of creativity in finding possible flaws in software and hardware. Dr. Mordechai Guri from the Ben-Gurion University of the Negev in Israel just published new findings that, once again, show us that even air-gapped systems aren’t completely secure.

Recommended Videos

An air-gapped system or network is completely isolated from any and all connections to the rest of the world. This means no networks, no internet connections, no Bluetooth — zero connectivity. The systems are purposely built without any hardware that can communicate wirelessly, all in an effort to keep them secure from various cyberattacks. All of these security measures are in place for one reason: To protect the most vulnerable and sensitive data in the world.

Hacking into these air-gapped systems is exceedingly difficult and often requires direct access in order to plant malware. Removable media, such as USB stealers, can also be used. Dr. Guri has now found yet another way to breach the security of an air-gapped system. SATAn relies on the use of a SATA connection, widely used in countless devices all over the globe, in order to infiltrate the targetted system and steal its data.

Through this technique, Dr. Guri was able to turn a SATA cable into a radio transmitter and send it over to a personal laptop located less than 1 meter away. This can be done without making any physical modifications to the cable itself or the rest of the targeted hardware. Feel free to dive into the paper penned by Dr. Guri (first spotted by Tom’s Hardware) if you want to learn the ins and outs of this tech.

In a quick summary of how SATAn is able to extract data from seemingly ultra-secure systems, it all comes down to manipulating the electromagnetic interference generated by the SATA bus. Through that, data can be transmitted elsewhere. The researcher manipulated this and used the SATA cable as a makeshift wireless antenna operating on the 6GHz frequency band. In the video shown above, Dr. Guri was able to steal a message from the target computer and then display it on his laptop.

“The receiver monitors the 6GHz spectrum for a potential transmission, demodulates the data, decodes it, and sends it to the attacker,” said the researcher in his paper.

SATAn vulnerability shown in a photograph of an open PC case.
Dr. Mordechai Guri

The attack can only be carried out if the target device has malicious software installed on it beforehand. This, of course, takes the danger levels down a notch — but not all too much, seeing as USB devices can be used for this. Without that, the attacker would need to obtain physical access to the system to implant the malware before attempting to steal data through SATAn.

Rounding up the paper, Dr. Guri detailed some ways in which this type of attack can be mitigated, such as the implementation of internal policies that strengthen defenses and prevent the initial penetration of the air-gapped system. Making radio receivers forbidden inside facilities where such top-secret data is stored seems like a sensible move right now. Adding electromagnetic shielding to the case of the machine, or even just to the SATA cable itself, is also recommended.

This attack is certainly scary, but we regular folk most likely don’t need to worry. Given the complexity of the attack, it’s only worthy of a high-stakes game with nationwide secrets being the target. On the other hand, for those facilities and their air-gapped systems, alarm bells should be ringing — it’s time to tighten up the security.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
Hacker claims to have hit Apple days after hacking AMD
The Apple logo is displayed at the Apple Store June 17, 2015 on Fifth Avenue in New York City

Data breaches happen all the time, but when the giants get hit, it's impossible not to wonder what kind of critical data may become exposed. Earlier this week, notorious cybercriminal Intelbroker reported that they managed to hack AMD. Now, they followed up with claims about hacking Apple, and went as far as to share some internal source code on a hacking forum.

As Apple has yet to comment, all we have to go off is the forum post, first shared by HackManac on X (formerly Twitter). In the post, Intelbroker states that Apple suffered a data breach that led to the exposure of the source code for some of its internal tools. The tools include AppleConnect-SSO, Apple-HWE-Confluence-Advanced. There's been no mention of any customer data being leaked, which is good news, but there could still be some impact on Apple if this proves to be true.

Read more
AMD just suffered a massive data breach that could reveal future products
AMD's Scott Herkalman presenting the RX 7800 XT graphics card.

AMD is currently investigating a potentially massive data breach. The company said on Tuesday that it has begun investigating the breach, following a report from The Cyber Express that featured blurred screenshots of the allegedly stolen data. It's not clear how large the scale of the breach is, but it's said to contain details on future products, customer databases, employee information, and other confidential data.

"We are aware of a cybercriminal organization claiming to be in possession of stolen AMD data," AMD said in a statement shared with Bloomberg. "We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data."

Read more
Your American Express credit card info may have been hacked
WWDC

American Express has put out a data breach advisory after third-party merchants experienced a hacking incident targeting its payment hardware, as reported by Bleeping Computer.

The financial services company detailed that the breach occurred in Massachusetts and is associated with an "American Express Travel Related Services Company." It resulted in several merchants suffering "unauthorized access to its system." Customers' credit card information, including account numbers, names, and card expiration data, may have been exposed in the process.

Read more