Data Exfiltration through Electromagnetic Covert Channel of Wired Industrial Control Systems

Industrial control systems (ICS) often contain sensitive information related to the corresponding equipment being controlled and their configurations. Protecting such information is important to both the manufacturers and users of such ICSs. This work demonstrates an attack vector on industrial control systems where information can be exfiltrated through a electromagnetic (EM) radiation covert channel from the wired Ethernet connections commonly used by these devices. The attack leverages compromised firmware for the controller-capable of encoding sensitive/critical information into the wired network as packet transmission patterns. The EM radiation from the wired network's communication is captured without direct physical interaction using a portable software-defined radio, and subsequently demodulated on the attacker's computer. This covert channel facilitates the exfiltration of data from a distance of up to two metres with a data rate of 10 bps without any significant data loss. The nature of this covert channel demonstrates that having strong firewalls and network security.