Air-Gap Electromagnetic Covert Channel

Air-gapped systems are isolated from the Internet due to the sensitive information they handle. This article introduces a covert channel attack that leaks sensitive information over the air from highly isolated systems. The information emanates from the air-gapped computer over the air and can be picked up by a nearby insider or spy with a mobile phone or laptop. Malware on an air-gapped computer can generate radio waves by executing crafted code on the target system. The malicious code exploits the dynamic power consumption of modern computers and manipulates the momentary loads on CPU cores. This technique allows the malware to control the computer's internal utilization and generate low-frequency electromagnetic radiation in the 0-60 kHz band. Sensitive information (e.g., files, encryption keys, biometric data, and keylogging) can be modulated over the emanated signals and received by a nearby mobile phone at a max speed of 1,000 bits/sec. We show that a smartphone or laptop with a small $1 antenna carried by a malicious insider or visitor can be used as a covert receiver. Notably, the attack is highly evasive since it executes from an ordinary user-level process, does not require root privileges, and is effective even within a virtual machine (VM). We discuss the attack model and provide technical details. We implement air-gap transmission of texts and files and present signal generation and data modulation. We test the covert channel and show evaluation results. Finally, we present a set of countermeasures to this air-gap attack.