Security researchers typically specialize in finding vulnerabilities and exploits via traditional channels of communication – you know, over hardwired networks or across Wi-Fi or Bluetooth. Mordechai Guri, however, prefers to transmit data using methods that most security models don’t account for.
You see, Guri’s work as a security researcher involves conquering air-gapped computers, or those that aren’t connected to any type of network. In the past, Guri and his colleagues have siphoned data from offline computers using the noise generated by their fans and hard drives, patterns in changing air temperatures and even the blinking of hard drive activity LEDs.
The researcher’s latest work is a technique called Magneto. Described as the most dangerous technique they’ve unveiled yet, it involves carefully coordinating operations on a computer’s processor to create specific frequencies of electrical signals. When done intentionally, this creates a pattern of magnetic forces that can be used to transmit information to a nearby device over an air gap.
As Wired highlights, the device “listening” for the signal can be as trivial as a smartphone (via the phone’s magnetometer which is typically used by the compass). Data can be transmitted using this technique at a rate of between one and 40 bits a second, depending on how close the phone is to the target computer. On the low end, that’s still fast enough to steal a password in about a minute or a 4,096-bit encryption key in just over an hour.
What’s unique about this technique is that the magnetic forces can be strong enough to penetrate secure environments like those created by the metal shielding of a Faraday cage.