S&P2025
Your Cable, My Antenna: Eavesdropping Serial Communication via Backscatter Signals
Lina Pu, Yu Luo, Song Han, Junming Diao
Abstract
This paper presents Backscattering Through Cable (BTC), a new backscatter side-channel attack designed for low-cost and effective serial data exfiltration. The BTC attack leverages the impedance variations of a serial port when it transmits different bits (‘0’ and ‘1’), which in turn create fluctuations in the amplitude of the backscattered signal. As a consequence, the sensitive serial data leaks to the backscatter side channel. The serial cable, acting as an unintentional antenna, enables this signal to be intercepted remotely. The BTC attack is notable for its minimal requirements: it does not require any modification to the target device's hardware or software, nor any prior knowledge of the target devices or serial communication configurations. Experimental validation shows successful data exfiltration over distances up to 14.5 meters in a line-of-sight (LOS) setting and 4.5 meters in a non-line-of-sight (NLOS) scenario, even with two wall barriers. The attack is effective at high data rates (1 Mbps and beyond) and operates across various cable types, even with lengths as short as 4 cm. To enhance the understanding of its mechanisms and to facilitate the optimization of attack parameters, a full-wave model was further developed to characterize the impacts of target device cable length and carrier frequency on the attack efficacy. Simulation results indicate that BTC can remain effective with cable lengths as short as 1 cm.