MAGNETO: Covert channel between air-gapped systems and nearby smartphones via CPU-generated magnetic fields

This papers shows that attackers can leak data from isolated, air-gapped computers to nearby smartphones via covert magnetic signals. The proposed covert channel works even if a smartphone is kept inside a Faraday shielding case, which aims to block any type of inbound and outbound wireless communication (Wi-Fi, cellular, Bluetooth, etc.). Malware is implemented to control the magnetic fields emanating from the computer by regulating workloads on the CPU cores. Sensitive data such as encryption keys, passwords, or keylogging data is encoded and transmitted over the magnetic signals. A smartphone located near the computer receives the covert signals with its magnetic sensor. I present technical background, discuss signal generation, data encoding, and signal reception. The proposed covert channel works from a user-level process, without requiring special privileges, and can successfully operate from within an isolated virtual machine (VM).