An ordinary USB drive (A) is sending information to a receiver (B)
An ordinary USB drive (A) is sending information to a receiver (B)

Short Bytes: A team of Israel’s Ben-Gurion University has developed a software-only exploit named USBee. It allows the attacker to sniff data from air-gapped computers using USB drives. USBee transmits data at 80 bytes per second. Once transmitted, the attacker needs a GNU-radio-powered receiver and demodulator to read the data.

Thanks to the Snowden revelations, in the recent years, we have come to know how attackers can use USB connectors implanted with RF connectors to sniff data from air-gapped computers. One such exfiltrator, known as CottonMouth, was developed by NSA. To execute the hack, the tool had to be somehow smuggled into the facility housing the computer.

Going one step further, a team of researchers has developed an exploit named USBee that turns the USB devices already inside a facility into a transmitter. You’ll be surprised to know that, to perform this hack, one doesn’t need to make any modifications to the USB hardware.

Also Read: Here’s How Hackers Can Get Inside Your Head

Here’s what researchers have to say about their research:

“Unlike other methods, our method doesn’t require any RF transmitting hardware, since it uses the USB’s internal data bus. We also discuss signal generation, transmission, reception, and demodulation algorithms.”

The details of this hack carried out by the researchers from Israel’s Ben-Gurion University were recently published in a research paper. They write that USBee is a software-only method for exfiltrating short-range data using electromagnetic emissions by USB’s internal data bus.

Using USBee, a compromised computer can leak important data even without the internet connection or any other means of communication. USBee transmits data at about 80 bytes per second, which is sufficient enough to steal 4096-bit encryption key in less than 10 seconds. If offers a range of about 9-26 feet. Once transmitted, the data is read by a GNU-radio-powered receiver and demodulator.

The software needs no special rights on the USB device. Talking about the cost, USBee needs just $30 worth of hardware to operate.

This research team has already developed similar airgap-jumping attack mechanisms named AirHopper, BitWhisper, GSMem, and Fansmitter.

It should be noted that while such techniques are theoretically possible, their use in real-life scenarios is limited. To compromise the security of a computer, it still must be infected by malware. However, given the low cost and wide range of USB devices, exploits like USBee could become a serious threat in the future.

Did you find this article interesting? Don’t forget to drop your feedback in the comments section below.

USBee Research Paper