Air Gaps, Faraday Cages Can't Deter Hackers After All

Conventional wisdom says that if something isn’t connected to the outside, it can’t be hacked. But research shows that Faraday rooms and air-gapped computers that are disconnected from the internet will not deter sophisticated cyber-attackers.

Air-gapped computers used for an organization’s most highly sensitive data might also be secluded in a hermetically sealed Faraday room or enclosure, which prevents electromagnetic signals from leaking out and being picked up remotely by eavesdropping adversaries. Yet research from Cyber @ Ben-Gurion University (BGU) of the Negev has demonstrated how attackers can bypass Faraday enclosures and air gaps to leak data from even the most highly secured computers.

The Odini method, named after the escape artist Harry Houdini, exploits the magnetic field generated by a computer’s central processing unit (CPU) to circumvent even the most securely equipped room.

In another documented cyberattack, dubbed Magneto, researchers used malware on an air-gapped computer to transfer data such as keystrokes and passwords to a nearby smartphone via its magnetic sensor. Attackers can intercept this leaked data even when a smartphone is sealed in a Faraday bag or set on airplane mode to prevent incoming and outgoing communications.

“While Faraday rooms may successfully block electromagnetic signals that emanate from computers, low-frequency magnetic radiation disseminates through the air, penetrating metal shields within the rooms,” explained Mordechai Guri, the head of research and development of Cyber @ BGU. “That’s why a compass still works inside of a Faraday room. Attackers can use this covert magnetic channel to intercept sensitive data from virtually any desktop PCs, servers, laptops, embedded systems and other devices.”

Jumping air gaps is not unheard of; in 2016, a stealthy data stealer that runs from a thumb drive and leaves no trace on a compromised computer was discovered.
