AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers
This presents a new, practical data exfiltration risk for organizations and individuals relying on air-gapped security for sensitive data.
This paper demonstrates a method to exfiltrate data from air-gapped computers using covert Wi-Fi signals generated through memory bus activity, without requiring special hardware. The signals can be intercepted by nearby Wi-Fi devices several meters away, decoded, and sent to an attacker.
In this paper, we show that attackers can exfiltrate data from air-gapped computers via Wi-Fi signals. Malware in a compromised air-gapped computer can generate signals in the Wi-Fi frequency bands. The signals are generated through the memory buses - no special hardware is required. Sensitive data can be modulated and secretly exfiltrated on top of the signals. We show that nearby Wi-Fi capable devices (e.g., smartphones, laptops, IoT devices) can intercept these signals, decode them, and send them to the attacker over the Internet. To extract the signals, we utilize the physical layer information exposed by the Wi-Fi chips. We implement the transmitter and receiver and discuss design considerations and implementation details. We evaluate this covert channel in terms of bandwidth and distance and present a set of countermeasures. Our evaluation shows that data can be exfiltrated from air-gapped computers to nearby Wi-Fi receivers located a distance of several meters away.