How the Attack Works
Security researchers have developed a new strain of malware called ODINI that can extract sensitive information from air-gapped computers, even those protected by Faraday cages. The technique exploits low-frequency magnetic emissions generated by the computer’s CPU during normal operation. By manipulating the processor’s workload patterns, the malware can modulate these magnetic fields to encode stolen data.
A nearby receiver, such as a smartphone or a dedicated sensing device placed within a few meters of the target system, can then capture these covert magnetic signals. The approach is significant because low-frequency magnetic fields pass through Faraday shields, which are designed to block radio-frequency and other electromagnetic radiation rather than magnetic fields. This allows the malware to bridge what was previously considered a secure physical gap between the isolated computer and the outside world.
Impact and Scope
The ODINI malware represents a notable advancement in covert data exfiltration techniques targeting highly secure environments. Air-gapped systems are commonly used in military facilities, nuclear power plants, critical infrastructure control centers, and some classified corporate networks. The ability to bypass both physical isolation and electromagnetic shielding raises the bar for defensive security measures in these settings.
Researchers note that while the attack requires close physical proximity to deploy the receiver and achieve a clear signal, it demonstrates that even the most stringent physical security controls can have blind spots. Organizations relying on air-gapped networks may need to reassess their monitoring strategies, particularly around anomalous CPU activity patterns and the presence of unauthorized mobile devices in restricted areas.
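One way a defender could act on the "anomalous CPU activity patterns" advice above is to look for workload that toggles with a suspiciously stable period, since that keying is what a magnetic covert channel rides on. The following is an added illustration written for this article, not code from the ODINI research; it assumes one CPU-utilization sample per second from host telemetry and uses a simple autocorrelation heuristic of its own, with constructed traces in place of real data.

```python
import random

# One CPU-utilization sample (percent) per second, as host telemetry might export.
SAMPLE_INTERVAL_S = 1.0

def keyed_trace(n=120, period=10, seed=1):
    """Constructed trace: load toggles between busy and idle halves of each period,
    the kind of regular keying a workload-driven covert channel relies on."""
    rng = random.Random(seed)
    return [(95.0 if (i % period) < period // 2 else 5.0) + rng.uniform(-2, 2)
            for i in range(n)]

def benign_trace(n=120, seed=2):
    """Constructed trace: irregular bursts with no fixed repetition."""
    rng = random.Random(seed)
    return [rng.uniform(0, 100) for _ in range(n)]

def periodicity_score(samples, min_lag=2, max_lag=None):
    """Strongest normalized autocorrelation of the zero-mean trace over lags
    min_lag..max_lag. Near 1.0 means the load repeats almost exactly with that
    period; noise-like load stays near 0. Returns (lag, score)."""
    n = len(samples)
    max_lag = max_lag or n // 3
    mean = sum(samples) / n
    x = [s - mean for s in samples]
    variance = sum(v * v for v in x) / n
    if variance == 0:          # flat trace: nothing to correlate
        return 0, 0.0
    best_lag, best = 0, 0.0
    for lag in range(min_lag, max_lag + 1):
        cov = sum(x[i] * x[i + lag] for i in range(n - lag)) / (n - lag)
        if cov / variance > best:
            best_lag, best = lag, cov / variance
    return best_lag, best

def looks_keyed(samples, threshold=0.9):
    """Flag a trace whose load alternates with a stable period; report the period
    in seconds so an analyst can compare it against known scheduled jobs."""
    lag, score = periodicity_score(samples)
    return score >= threshold, lag * SAMPLE_INTERVAL_S, score

if __name__ == "__main__":
    for name, trace in (("keyed", keyed_trace()), ("benign", benign_trace())):
        flagged, period, score = looks_keyed(trace)
        print(f"{name}: flagged={flagged} period={period:.0f}s score={score:.3f}")
```

Legitimate periodic jobs (polling agents, cron tasks) will also score high, so the period and the process behind it need to be checked before treating a hit as a covert channel.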
Source: Cyber Security News

