Private data exfiltration from cyber-physical systems using channel state information

Data exfiltration methods aim to extract data without authorization from a network or device without detection. In this paper, we present a novel data exfiltration method using Channel State Information (CSI) from ambient WiFi signals. Modulation is performed by modifying the environment by moving a physically actuated machine resulting in a change to the channel response that is measurable by a distant receiver capable of collecting CSI samples. An attacker can use this to exfiltrate data when transmission using conventional methods is impossible, yet the attacker controls a moving mechanism. We discuss the design of the covert channel in detail and produce a proof of concept implementation to evaluate the performance in terms of communication quality. We find that even a simple implementation provides robust communication in an office environment. Additionally, we present several countermeasures against an attack of this type.