An Israeli researcher has demonstrated that LAN cables’ radio frequency emissions can be read by using a $30 off-the-shelf setup, potentially opening the door to fully developed cable-sniffing attacks.
Mordechai Guri of Israel’s Ben Gurion University of the Negev described the disarmingly simple technique to The Register. It consists of putting an ordinary radio antenna up to four metres from a category 6A Ethernet cable and using an off-the-shelf software-defined radio (SDR) to listen around 250MHz.
“From an engineering perspective, these cables can be used as antennas and used for RF transmission to attack the air-gap,” said Guri.
His experimental technique consisted of slowing UDP packet transmissions over the target cable to a very low speed and then transmitting single letters of the alphabet. The cable’s emissions could then be picked up by the SDR (in Guri’s case, both an R820T2-based tuner and a HackRF unit) and, via a simple algorithm, be turned back into human-readable characters.