Attackers Could Steal Data from Air-Gapped Systems Using Electromagnetic Waves, Researcher Warns

A newly discovered attack relying on electromagnetic waves could allow threat actors to steal data from air-gapped devices from up to two meters away.

Attackers could use a laptop or even a smartphone to capture data. Electromagnetic radiation leaking from air-gapped systems could reportedly be intercepted even from behind a wall if the attacker is close enough to the target.

Air-gapped systems are isolated from the Internet to protect the sensitive information they handle. Typically, these systems are found in military or government networks, industrial control, nuclear power plants, computerized medical equipment, air traffic control and other high-risk areas.

The attack, dubbed COVID-bit, was developed by the head of R&D of The Cyber Security Research Labs at Ben-Gurion University, Mordechai Guri. He is also known for designing several other methods to extract data from air-gapped systems, including ETHERLED, SATAn, LANTENNA and GAIROSCOPE.

“Malware on an air-gapped computer can generate radio waves by executing crafted code on the target system,” reads the abstract of Guri’s technical paper. “The malicious code exploits the dynamic power consumption of modern computers and manipulates the momentary loads on CPU cores. This technique allows the malware to control the computer's internal utilization and generate low-frequency electromagnetic radiation in the 0 - 60 kHz band.”

COVID-bit could let attackers modulate sensitive information such as biometric data, keylogging and encryption keys and send it to a nearby receiver at up to 1,000 bits per second.

According to the researcher, the attack can be executed from a typical user-level process, making it highly evasive. Even worse, COVID-bit doesn’t require root privileges and could cause harm even within a virtual machine (VM).