USBee: Air-Gap Covert-Channel via Electromagnetic Emission from USB

TL;DR

USBee demonstrates a software-based method to turn unmodified USB devices into electromagnetic transmitters for covert data exfiltration from air-gapped systems, achieving low-bandwidth communication.

Contribution

It introduces a novel software technique to generate electromagnetic emissions from USB data lines without hardware modifications, enabling covert data transmission.

Findings

Transmits data at 20-80 BPS bandwidth.

Uses unmodified USB devices as RF transmitters.

Effective for covert communication from air-gapped systems.

Abstract

In recent years researchers have demonstrated how attackers could use USB connectors implanted with RF transmitters to exfiltrate data from secure, and even air-gapped, computers (e.g., COTTONMOUTH in the leaked NSA ANT catalog). Such methods require a hardware modification of the USB plug or device, in which a dedicated RF transmitter is embedded. In this paper we present USBee, a software that can utilize an unmodified USB device connected to a computer as a RF transmitter. We demonstrate how a software can intentionally generate controlled electromagnetic emissions from the data bus of a USB connector. We also show that the emitted RF signals can be controlled and modulated with arbitrary binary data. We implement a prototype of USBee, and discuss its design and implementation details including signal generation and modulation. We evaluate the transmitter by building a receiver and demodulator using GNU Radio. Our evaluation shows that USBee can be used for transmitting binary data to a nearby receiver at a bandwidth of 20 to 80 BPS (bytes per second).