A standard Ethernet cable can be turned into a data mirror that leaks secure information to a remote spy without using any battery or transmitter.
Hardware Trojans usually require a power source or a radio to broadcast stolen data, making them easy to detect. This new device simply changes the electromagnetic reflectivity of the cable itself. A remote observer can bounce a signal off the cable and read the data by watching the reflection. This technique makes the spy completely silent and invisible to traditional security scans. Secure facilities must now account for cables that can talk back without ever being plugged into a power outlet.
Reflecthernet: Exfiltrating 100BASE-TX Ethernet Traffic Using a Retroreflector Hardware Trojan
arXiv · 2605.02702
Electromagnetic eavesdropping is a well-established attack vector for remotely monitoring a target activity, most notably displays, over considerable ranges. Other targets have been considered resistant to such attacks or do not exhibit sufficient electromagnetic leakage for practical exploitation. Radio-frequency retroreflector attacks (RFRA) were developed to enable covert, active monitoring of a target by implanting a minimal hardware Trojan. These implants, typically implemented using discre