MAGNETO: Covert Channel between Air-Gapped Systems and Nearby Smartphones via CPU-Generated Magnetic Fields

TL;DR

This paper demonstrates a novel covert channel that leaks data from air-gapped computers to nearby smartphones using CPU-generated magnetic fields, effective even through shielding and in airplane mode.

Contribution

It introduces a new covert communication method leveraging CPU magnetic emissions, capable of bypassing shielding and operating from user-level processes and virtual machines.

Findings

Effective data transmission through magnetic signals even with Faraday shielding

Works from user-level processes without special privileges

Operates successfully within virtual machines

Abstract

In this paper, we show that attackers can leak data from isolated, air-gapped computers to nearby smartphones via covert magnetic signals. The proposed covert channel works even if a smartphone is kept inside a Faraday shielding case, which aims to block any type of inbound and outbound wireless communication (Wi-Fi, cellular, Bluetooth, etc.). The channel also works if the smartphone is set in airplane mode in order to block any communication with the device. We implement a malware that controls the magnetic fields emanating from the computer by regulating workloads on the CPU cores. Sensitive data such as encryption keys, passwords, or keylogging data is encoded and transmitted over the magnetic signals. A smartphone located near the computer receives the covert signals with its magnetic sensor. We present technical background, and discuss signal generation, data encoding, and signal reception. We show that the proposed covert channel works from a user-level process, without requiring special privileges, and can successfully operate from within an isolated virtual machine (VM).