Recent research from the Cybersecurity Research Center at Ben Gurion University, led by Mordechai Guri, has revealed alarming advancements in methods for extracting data from highly secure environments, specifically air-gapped PCs and systems located within Faraday cages. These devices are typically deemed secure due to their isolation from external networks, but innovative techniques outlined in the study demonstrate that attackers can successfully exfiltrate information even in these tightly controlled settings.
Air-gapped computers, disconnected from the internet and local networks, are commonly assumed to provide robust protection against cyber threats. Meanwhile, Faraday cages, which shield devices from electromagnetic radiation, are believed to enhance this security by preventing any wireless communications. Nevertheless, the team has pioneered two techniques—dubbed MAGNETO and ODINI—that exploit subtle magnetic field variations emitted by these devices when influenced by malware.
The process begins with malware infiltrating an air-gapped computer. Once planted, this malware collects sensitive information, such as encryption keys and credentials. Utilizing CPU workload regulation, it generates specific magnetic frequencies that can transmit data covertly to a nearby receiver—an approach that operates without requiring a traditional network connection for data extraction.
Guri emphasized the novelty of this approach, stating, “Everyone was focused on entering these secure networks, but there was little attention on extracting information.” The research disrupts the premise that strong security measures, including the physical isolation of critical systems, ensure complete safety from data theft.
From a technical perspective, MAGNETO operates over short ranges. An Android application on an attacker's smartphone captures the stolen data through the device's built-in magnetometer, and it works even when the phone is sealed in a Faraday bag or switched to airplane mode, because a magnetometer measures the local magnetic field rather than receiving a radio transmission. By contrast, the ODINI technique enables data retrieval over longer distances through a dedicated magnetic sensor and achieves significantly higher transfer rates than MAGNETO.
The research team reported that MAGNETO could transmit data at a rate of 5 bits per second over a range of 12.5 centimeters, while ODINI could achieve 40 bits per second over distances between 100 and 150 centimeters. Such findings underline the potential vulnerabilities remaining in systems designed for utmost security.
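The covert channel described above encodes data in deliberate, periodic swings of CPU load. A host-side check that a defender can run is to sample CPU utilization and look for a single dominant spectral line, which ordinary bursty workloads rarely produce. The following is an added example, not code from the Ben Gurion team or from the paper; the sampling rate, the 5 Hz square-wave pattern, the noise level and the detection threshold are all constructed assumptions for the synthetic trace, not values taken from the research.

```python
import math
import random

SAMPLE_HZ = 50      # assumed sampling rate of the utilization monitor (not from the paper)
CARRIER_HZ = 5.0    # constructed: rate at which the synthetic trace toggles its load


def constructed_trace(seconds, modulated, seed=1):
    """Build a synthetic per-sample CPU-utilization trace (0-100 %).

    With modulated=True the load alternates between roughly 95 % and 20 %
    at CARRIER_HZ on top of Gaussian jitter; otherwise it is jitter only.
    This is constructed sample input, not a measurement of real malware.
    """
    rng = random.Random(seed)
    trace = []
    for n in range(int(seconds * SAMPLE_HZ)):
        level = 20 + rng.gauss(0, 5)
        if modulated:
            phase = (n * CARRIER_HZ / SAMPLE_HZ) % 1.0
            level += 75 if phase < 0.5 else 0
        trace.append(min(100.0, max(0.0, level)))
    return trace


def dominant_tone(trace):
    """Return (frequency_hz, peak_to_mean_ratio) of the strongest non-DC line.

    Uses a direct DFT on the mean-removed trace so it runs without numpy;
    fine for a few hundred samples, use an FFT for long captures.
    """
    n = len(trace)
    mean = sum(trace) / n
    x = [v - mean for v in trace]
    mags = []
    for k in range(1, n // 2):
        re = sum(x[t] * math.cos(2 * math.pi * k * t / n) for t in range(n))
        im = sum(x[t] * math.sin(2 * math.pi * k * t / n) for t in range(n))
        mags.append(math.hypot(re, im))
    peak = max(mags)
    k_peak = mags.index(peak) + 1
    return k_peak * SAMPLE_HZ / n, peak / (sum(mags) / len(mags))


def looks_modulated(trace, ratio_threshold=8.0):
    """Flag a trace whose spectrum is dominated by one narrow line, the
    signature of deliberate periodic load switching rather than normal work.
    The threshold is an assumption; tune it against baseline captures."""
    _, ratio = dominant_tone(trace)
    return ratio > ratio_threshold
```

On the constructed traces the modulated one yields a peak near 5 Hz with a peak-to-mean ratio well above the threshold, while the jitter-only trace stays far below it; real deployments should baseline the ratio on the host's normal workload before alerting.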
The MITRE ATT&CK Matrix offers a way to map the adversary tactics involved in such an attack. Initial access would be gained by planting the malware on the air-gapped machine, and persistence and privilege escalation might follow once the malware is operational. Notably, the final step, manipulating the machine's electromagnetic emissions to carry data out, aligns with the exfiltration tactic, specifically exfiltration over an alternative communication channel rather than over the network.
In response to these findings, the research emphasizes the need for ongoing vigilance and the implementation of countermeasures such as shielding, jamming, and zoning to protect sensitive systems against these sophisticated exfiltration techniques. As cybersecurity continues to evolve, understanding these kinds of threats is vital for organizations aiming to secure their most critical assets in an increasingly hostile digital landscape.
Moreover, Guri and his team have previously explored other covert channels targeting air-gapped computers, such as the aIR-Jumper attack, which uses infrared light, and the USBee attack, which uses radio-frequency emissions. With a history of innovative research, Ben Gurion University remains at the forefront of uncovering vulnerabilities in highly secure computing environments, reminding organizations that complacency may pose significant risks to data confidentiality.