Article

Data Exfiltration through Electromagnetic Covert Channel of Wired Industrial Control Systems

Shakthi Sachintha; Nhien-An Le-Khac; Mark Scanlon; Asanka P. Sayakkara

October 2022 Applied Sciences

Contribution Summary

This research presents a novel attack vector on industrial control systems (ICS) that exploits the electromagnetic (EM) radiation of wired Ethernet connections to exfiltrate sensitive information. The attack leverages compromised controller firmware to encode data into packet transmission patterns; the resulting EM emissions are captured by an attacker's software-defined radio and demodulated on the attacker's computer. The study demonstrates that this covert channel can exfiltrate data from up to two metres away at 10 bps. Because the carrier is the emission of otherwise legitimate network traffic, the leak is not visible to firewalls or network-level monitoring. The research also introduces a methodology to automatically detect the information-leaking EM frequencies of Ethernet cables and explores increasing the reliability of EM-based covert channels through error correction codes. The findings have significant implications for the security of ICSs and other critical infrastructure, whether networked or air-gapped.

Keywords: covert channel; EM radiation; exfiltration; air-gap; Ethernet; software-defined-radio; industrial control systems; cybersecurity

Abstract

Industrial control systems (ICS) often contain sensitive information related to the corresponding equipment being controlled and their configurations. Protecting such information is important to both the manufacturers and users of such ICSs. This work demonstrates an attack vector on industrial control systems where information can be exfiltrated through an electromagnetic (EM) radiation covert channel from the wired Ethernet connections commonly used by these devices. The attack leverages compromised firmware for the controller—capable of encoding sensitive/critical information into the wired network as packet transmission patterns. The EM radiation from the wired network’s communication is captured without direct physical interaction using a portable software-defined radio, and subsequently demodulated on the attacker’s computer. This covert channel facilitates the exfiltration of data from a distance of up to two metres with a data rate of 10 bps without any significant data loss. The nature of this covert channel demonstrates that having strong firewalls and network security.
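The summary and abstract above describe the two halves of the channel: an implant that times packet bursts to carry bits, and a receiver that turns the captured EM envelope back into bits, optionally with an error-correcting code. The following is an added, constructed simulation of that pipeline; it is not the authors' implementation or any code from the paper. It assumes on-off keying (a burst of packets for a 1, silence for a 0) at the paper's 10 bps, a received-power envelope sampled at 200 Hz in place of a real SDR capture, Gaussian noise as the only impairment, a hypothetical 8-bit sync word, a Hamming(7,4) code as the error-correcting code, and that the frame begins within the first two bit periods of the capture. All of those are this example's choices, not the paper's.

```python
"""Constructed simulation of an on-off-keyed timing covert channel over Ethernet traffic.

Not the paper's code. The 'implant' decides per bit period whether to flood packets
(bit 1) or stay quiet (bit 0); the 'channel' is a synthetic received-power envelope
standing in for an SDR capture; the 'receiver' syncs on a preamble, integrates each
bit period, thresholds, and Hamming-decodes.
"""
import random

BIT_RATE = 10                       # bits per second, as reported in the paper
SAMPLE_RATE = 200                   # assumed envelope sample rate of the demodulator
SPB = SAMPLE_RATE // BIT_RATE       # envelope samples per bit period (20)
PREAMBLE = [1, 0, 1, 1, 0, 0, 1, 0]  # hypothetical sync word, not from the paper


def hamming74_encode(nibble):
    """Encode 4 data bits as a Hamming(7,4) codeword laid out [p1, p2, d1, p3, d2, d3, d4]."""
    d1, d2, d3, d4 = nibble
    return [d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d1, d2 ^ d3 ^ d4, d2, d3, d4]


def hamming74_decode(codeword):
    """Correct at most one flipped bit and return the 4 data bits."""
    cw = list(codeword)
    s1 = cw[0] ^ cw[2] ^ cw[4] ^ cw[6]
    s2 = cw[1] ^ cw[2] ^ cw[5] ^ cw[6]
    s3 = cw[3] ^ cw[4] ^ cw[5] ^ cw[6]
    pos = s1 + 2 * s2 + 4 * s3      # 1-indexed position of the bad bit; 0 means clean
    if pos:
        cw[pos - 1] ^= 1
    return [cw[2], cw[4], cw[5], cw[6]]


def bytes_to_bits(data):
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits) - 7, 8))


def encode_frame(payload):
    """Implant side: preamble followed by the Hamming-coded payload bits."""
    bits = bytes_to_bits(payload)
    coded = []
    for i in range(0, len(bits), 4):
        coded += hamming74_encode(bits[i:i + 4])
    return PREAMBLE + coded


def modulate(frame_bits):
    """On-off keying: hold the line busy (1) or idle (0) for one full bit period each."""
    return [b for b in frame_bits for _ in range(SPB)]


def simulate_channel(tx_samples, noise_sigma, rng, lead_in=7):
    """Synthetic power envelope: burst power 1.0 plus Gaussian noise, magnitude only,
    preceded by a few idle samples so the receiver must actually find the preamble."""
    idle = [abs(rng.gauss(0.0, noise_sigma)) for _ in range(lead_in)]
    return idle + [abs(x + rng.gauss(0.0, noise_sigma)) for x in tx_samples]


def bit_averages(samples, offset, nbits):
    """Integrate the envelope over each bit period starting at 'offset'."""
    return [sum(samples[offset + i * SPB: offset + (i + 1) * SPB]) / SPB for i in range(nbits)]


def find_preamble(samples):
    """Correlate the preamble against the first two bit periods of offsets (assumption:
    the capture starts at most two bit periods before the frame) and return the best."""
    best_score, best_off = None, 0
    for off in range(0, 2 * SPB):
        avgs = bit_averages(samples, off, len(PREAMBLE))
        score = sum(a * (2 * p - 1) for a, p in zip(avgs, PREAMBLE))
        if best_score is None or score > best_score:
            best_score, best_off = score, off
    return best_off


def demodulate(samples, threshold=0.6):
    """Receiver side: sync, hard-decide each bit period, Hamming-decode, repack bytes."""
    off = find_preamble(samples) + len(PREAMBLE) * SPB
    nbits = (len(samples) - off) // SPB
    hard = [1 if a > threshold else 0 for a in bit_averages(samples, off, nbits)]
    data = []
    for i in range(0, nbits - nbits % 7, 7):
        data += hamming74_decode(hard[i:i + 7])
    return bits_to_bytes(data)


def exfiltrate(payload, noise_sigma=0.3, seed=1):
    """End to end: implant encodes payload -> noisy EM envelope -> attacker recovers bytes."""
    rng = random.Random(seed)
    rx = simulate_channel(modulate(encode_frame(payload)), noise_sigma, rng)
    return demodulate(rx)


if __name__ == "__main__":
    print(exfiltrate(b"PLC setpoint=42"))
```

The point a practitioner should take from the simulation is that nothing in the packets themselves carries the secret: an Ethernet capture of the implant's traffic shows only legitimate-looking frames, and the information lives entirely in when the line is busy. Detection therefore has to look at traffic timing statistics (or at the emissions themselves, as the paper's frequency-detection methodology does), not at packet contents or firewall logs.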

BibTeX

@article{sachintha2023DataExfiltrationEMSCA,
	author={Sachintha, Shakthi and Le-Khac, Nhien-An and Scanlon, Mark and Sayakkara, Asanka P.},
	title="{Data Exfiltration through Electromagnetic Covert Channel of Wired Industrial Control Systems}",
	journal="{Applied Sciences}",
	year=2022,
	month=10,
	volume=13,
	number=5,
	pages=2928,
	doi={10.3390/app13052928},
	abstract={Industrial control systems (ICS) often contain sensitive information related to the corresponding equipment being controlled and their configurations. Protecting such information is important to both the manufacturers and users of such ICSs. This work demonstrates an attack vector on industrial control systems where information can be exfiltrated through an electromagnetic (EM) radiation covert channel from the wired Ethernet connections commonly used by these devices. The attack leverages compromised firmware for the controller—capable of encoding sensitive/critical information into the wired network as packet transmission patterns. The EM radiation from the wired network’s communication is captured without direct physical interaction using a portable software-defined radio, and subsequently demodulated on the attacker’s computer. This covert channel facilitates the exfiltration of data from a distance of up to two metres with a data rate of 10 bps without any significant data loss. The nature of this covert channel demonstrates that having strong firewalls and network security.}
}