USBee: Air-Gap Covert-Channel via Electromagnetic Emission from USB
This work highlights a security vulnerability of air-gapped systems: covert data transmission is possible without physical tampering, a novel way around a known bottleneck of earlier methods.
The paper tackles the problem of exfiltrating data from air-gapped computers without hardware modifications by developing USBee, software that uses unmodified USB devices as RF transmitters and achieves a bandwidth of 20 to 80 bytes per second.
In recent years, researchers have demonstrated how attackers could use USB connectors implanted with RF transmitters to exfiltrate data from secure, and even air-gapped, computers (e.g., COTTONMOUTH in the leaked NSA ANT catalog). Such methods require a hardware modification of the USB plug or device, in which a dedicated RF transmitter is embedded. In this paper we present USBee, software that can utilize an unmodified USB device connected to a computer as an RF transmitter. We demonstrate how software can intentionally generate controlled electromagnetic emissions from the data bus of a USB connector. We also show that the emitted RF signals can be controlled and modulated with arbitrary binary data. We implement a prototype of USBee, and discuss its design and implementation details including signal generation and modulation. We evaluate the transmitter by building a receiver and demodulator using GNU Radio. Our evaluation shows that USBee can be used for transmitting binary data to a nearby receiver at a bandwidth of 20 to 80 BPS (bytes per second).