RBDS and Data Exfil

A few years back we were challenged to extract information from a network of one of our customers without the use of the Internet or other TCP/IP-based protocols. On top of that we couldn't use portable hard drives, USB thumb drivers, etc.
The idea of the project was to discover alternate possible ways a potential adversary can extract sensitive data.

After several weeks of playing with different ideas we settled on something that was fun to work on: using the Radio Broadcast Data System (RBDS) protocol as a way to extrat data. RBDS, or RDS as it's known in Europe, is a simple protocol used by FM radio stations to present small amounts of data about their broadcast on the receiver's displays. Things like radio station name, song title and artist name are sent through this protocol.

It's not difficult to work with but the problem was the amount of data we could send.

What we did was to build hardware and software that, when plugged into a server or workstation, would grab the files we wanted to expfil, encrypt them and encode them in base64. That stream would be transmitted over an unused FM freq with a computer and a receiver down the road waiting for the transmission and ready to decode/decrypt the transmission.
Man, it was a painfully slow way to extract information but it worked. As a proof of concept, it was a fun project. However, as a real world way of extracting information... well, I would search an alternative.

Fun experiement though.

Leveraging the Team Strength