Jacek Lipkowski's Etherify, "Bringing the Ether Back to Ethernet," Exfiltrates Data Wirelessly

Taking advantage of radiated signals, Etherify requires no unusual binaries yet can exfiltrate data via Morse code.

Gareth Halfacree
4 years ago • Security

Radio amateur and security enthusiast Jacek Lipkowski has released a novel variant on the TEMPEST attack, allowing data to be exfiltrated from an otherwise secured computer by listening to radio waves emitted on its Ethernet cable, complete with proof-of-concept code suitable for running on a Raspberry Pi.

"Leaking data out of unconnected devices (both connected and unconnected) is a very interesting topic, often called 'soft TEMPEST,'" Lipkowski explains. "Often this is the realm of absurdly costly lab equipment, source code isn't published etc. Here I would like to demonstrate this using the simplest equipment and means, and make it very easy to reproduce."

A "soft TEMPEST" attack, Etherify can exfiltrate data over a 125MHz wireless signal. (📹: Jacek Lipkowski)

"Signals can be modulated using different methods. Here I will use Morse code for simplicity. This also allows one to judge the signal to noise ratio by just listening. It is also possible to decode it by ear without additional devices if one knows Morse code, if not there is a lot of software that can do it (although usually with much worse performance than an experienced human operator.) Transmission is implemented via very simple shell scripts. Only bash, ethtool and ping are needed. This enables the script to be used easily on embedded devices and other platforms where shipping binaries, installing a Python environment etc. might be a problem."

The signal can be clearly received at up to 30m distances, or 100m with effort. (📹: Jacek Lipkowski)

In experimentation with Raspberry Pi single-board computers, Lipkowski was able to exfiltrate data wirelessly using two approaches, both of which transmitted signals at 125MHz. The first was to repeatedly switch the device's Ethernet port from 10-base-T to 100-base-T connectivity; the second was to transmit data between two devices at 1Gb/s. Both were easily discernible at a 30m (around 100') distance, though Lipkowski warns that it depends heavily on nearby signals at the same frequency.
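From a defender's point of view, the first approach above (repeatedly switching a port between 10-base-T and 100-base-T) leaves a burst of link renegotiations in the host's kernel log. The detector below is an added example, not code from Lipkowski's repository or from this article; the log lines are constructed, modelled on the "Link is Up - <speed>/<duplex>" message style some Linux drivers print, and the function names and thresholds are assumptions to tune per environment.

```python
import re
from collections import defaultdict, deque

# Constructed sample (not captured from a real host); "examplenic" is a
# placeholder driver name and the exact wording differs between real drivers.
SAMPLE_LOG = """\
[   50.00] examplenic 0000:01:00.0 eth1: Link is Up - 1Gbps/Full - flow control rx/tx
[  100.10] examplenic fd580000.ethernet eth0: Link is Up - 100Mbps/Full - flow control off
[  101.30] examplenic fd580000.ethernet eth0: Link is Up - 10Mbps/Full - flow control off
[  102.00] examplenic fd580000.ethernet eth0: Link is Up - 100Mbps/Full - flow control off
[  103.20] examplenic fd580000.ethernet eth0: Link is Up - 10Mbps/Full - flow control off
[  103.90] examplenic fd580000.ethernet eth0: Link is Up - 100Mbps/Full - flow control off
[  105.10] examplenic fd580000.ethernet eth0: Link is Up - 10Mbps/Full - flow control off
[  105.80] examplenic fd580000.ethernet eth0: Link is Up - 100Mbps/Full - flow control off
[  900.00] examplenic 0000:01:00.0 eth1: Link is Up - 100Mbps/Full - flow control rx/tx
[ 4000.00] examplenic 0000:01:00.0 eth1: Link is Up - 1Gbps/Full - flow control rx/tx
"""

LINK_UP = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s.*?\b(?P<ifc>\w+): Link is Up - (?P<n>\d+)(?P<unit>[MG])bps",
    re.MULTILINE,
)

def parse_link_events(log):
    """Yield (timestamp_seconds, interface, speed_in_mbps) for each link-up line."""
    for m in LINK_UP.finditer(log):
        mbps = int(m["n"]) * (1000 if m["unit"] == "G" else 1)
        yield float(m["ts"]), m["ifc"], mbps

def find_speed_flapping(log, max_changes=4, window=60.0):
    """Return {interface: peak change count} for interfaces whose negotiated
    speed changed more than max_changes times within any `window` seconds."""
    last_speed = {}
    recent = defaultdict(deque)   # interface -> timestamps of recent speed changes
    flagged = {}
    for ts, ifc, mbps in parse_link_events(log):
        prev = last_speed.get(ifc)
        last_speed[ifc] = mbps
        if prev is None or prev == mbps:
            continue              # first sighting, or re-link at the same speed
        q = recent[ifc]
        q.append(ts)
        while ts - q[0] > window: # drop changes that fell out of the window
            q.popleft()
        if len(q) > max_changes:
            flagged[ifc] = max(flagged.get(ifc, 0), len(q))
    return flagged

if __name__ == "__main__":
    print(find_speed_flapping(SAMPLE_LOG))
```

An occasional renegotiation, like the two widely spaced changes on `eth1` in the sample, stays below the threshold; only the rapid 10/100 toggling on `eth0` is reported.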

Lipkowski's full write-up is available on his blog; the proof-of-concept scripts are up on GitHub under the GNU General Public License 3.0.

Gareth Halfacree
Freelance journalist, technical author, hacker, tinkerer, erstwhile sysadmin. For hire: freelance@halfacree.co.uk.