Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
AnyDesk Critical 0-Day Vulnerability Lets Attackers Trigger DoS
July 16, 2026
Next.js Launches Monthly Security Releases, Patches 9 Vulnerabilities
July 16, 2026
SonicWall SMA 1000 Zero-Day Actively Exploited
July 16, 2026
Home/CyberSecurity News/ODINI Malware Exploits CPU Emissions to Breach Air-Gapped Computers
CyberSecurity News

ODINI Malware Exploits CPU Emissions to Breach Air-Gapped Computers

Key Takeaways A new proof-of-concept malware, ODINI, can exfiltrate data from air-gapped systems, including those protected by Faraday cages. ODINI manipulates CPU workloads to generate low-frequency...

David kimber
David kimber
May 11, 2026 4 Min Read
60 0

Key Takeaways

  • A new proof-of-concept malware, ODINI, can exfiltrate data from air-gapped systems, including those protected by Faraday cages.
  • ODINI manipulates CPU workloads to generate low-frequency magnetic fields, bypassing traditional physical isolation.
  • Researchers from Israel’s Ben-Gurion University, led by Mordechai Guri, developed ODINI to demonstrate this vulnerability.
  • Sectors like military, finance, and critical infrastructure, which rely heavily on air-gapped systems, are at risk.
  • Mitigation strategies include hardware-based signal jamming, software-based jamming, and strict physical security policies.

A sophisticated proof-of-concept malware, dubbed ODINI, has demonstrated the ability to extract sensitive information from air-gapped computers, even those encased within Faraday cages. This groundbreaking research reveals a critical vulnerability in systems traditionally considered impervious to external threats.

Table Of Content

  • Key Takeaways
  • ODINI Malware on Air-Gapped Networks
  • Exfiltration Mechanism
  • Receiving the Covert Signal
  • Defense Challenges and Solutions
  • What You Should Do

ODINI achieves its covert data exfiltration by precisely modulating a target computer’s CPU workload. This manipulation generates low-frequency magnetic fields, which then serve as a hidden channel for transmitting data through advanced physical isolation barriers.

The research, spearheaded by Mordechai Guri and his team at Israel’s Ben-Gurion University, underscores significant weaknesses in security environments long thought to be impenetrable. Organizations across the military, financial, and critical infrastructure sectors depend heavily on air-gapped systems and Faraday cages to safeguard sensitive data from electromagnetic interference and remote network intrusions.

Despite these robust protective measures, ODINI illustrates that determined threat actors, who initially compromise a system through supply-chain attacks or infected USB drives, can still retrieve high-value assets. These assets include passwords, authentication tokens, and encryption keys.

ODINI Malware on Air-Gapped Networks

Exfiltration Mechanism

The core mechanism for data exfiltration employed by ODINI hinges entirely on the precise manipulation of the compromised machine’s central processing unit (CPU). The malware deliberately overloads the CPU cores with intensive calculations, leading to dynamic fluctuations in power consumption. These fluctuations inherently generate low-frequency magnetic fields.

Crucially, low-frequency magnetic waves possess extremely low impedance, enabling them to effortlessly penetrate standard computer chassis components and the solid metal shielding of Faraday cages. The transmitting code requires no elevated administrative privileges to execute its tasks and utilizes straightforward processor operations, making it difficult for conventional antivirus software or runtime monitoring tools to detect.

Mordechai Guri highlighted that the malware further employs advanced data modulation schemes, such as amplitude-shift keying and frequency-shift keying, to accurately encode the stolen information onto these magnetic waves. This process ensures reliable data transmission even under challenging conditions. For more technical details, refer to the research paper by Mordechai Guri.

Receiving the Covert Signal

Once the data is encoded and broadcast as a magnetic signal, an attacker must position a specialized receiving device in close proximity to capture the covert emanations. The ODINI technique utilizes a dedicated magnetic sensor placed within a physical range of 100 to 150 centimeters from the compromised machine, achieving a maximum data transfer rate of 40 bits per second.

A related attack variant, named MAGNETO, exploits the identical CPU manipulation technique but uses an infected smartphone’s built-in magnetometer as the receiver. MAGNETO is effective at distances up to 12.5 centimeters and transfers data at a slower rate of 5 bits per second. Notably, this method functions even if the receiving smartphone is placed inside a Faraday bag or switched to airplane mode, demonstrating its resilience.

Defense Challenges and Solutions

Defending against magnetic field exfiltration presents a significant engineering challenge for security operations centers. Standard Faraday cages are ineffective against these low-frequency transmissions. Constructing physical shields from specialized ferromagnetic materials like mu-metal is often prohibitively expensive and highly impractical for widespread deployment.

Security professionals recommend implementing hardware-based signal jamming. This technique involves using commercial magnetic field generators to actively produce counter-magnetic noise, effectively drowning out the covert transmissions. Alternatively, software-based jamming can be deployed, which introduces random CPU workloads to disrupt the attacker’s encoded signal. However, this defensive approach may temporarily degrade overall system performance.

Ultimately, strict physical zoning policies that completely prohibit external electronic devices from the immediate vicinity of air-gapped computers remain the most reliable defensive measure against such advanced exfiltration techniques.

What You Should Do

  • Implement Strict Physical Security: Enforce rigorous policies that ban all unauthorized electronic devices, especially smartphones, from proximity to air-gapped systems.
  • Consider Hardware-Based Jamming: Investigate and deploy commercial magnetic field generators to actively disrupt potential covert magnetic transmissions around critical air-gapped infrastructure.
  • Evaluate Software-Based Countermeasures: Explore software solutions that introduce random CPU workloads to interfere with magnetic signal encoding, while carefully assessing the impact on system performance.
  • Regularly Audit Air-Gapped Environments: Conduct frequent audits of physical security protocols and employee compliance in areas hosting air-gapped machines.
  • Enhance Supply Chain Security: Strengthen defenses against initial infection vectors, such as compromised USB drives and supply-chain attacks, which are necessary preconditions for ODINI to operate.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackBreachExploitMalwareSecurityThreat

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

Critical cPanel & WHM Vulnerabilities Let Attackers Execute Code, Launch DoS

Next Post

Top 10 Full Disk Encryption Tools for 2026

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Dutch Police Dismantle €100M Investment Fraud Network, 20 Call Centers Shut Down
July 16, 2026
JetBrains Patches 6 Vulnerabilities in TeamCity, YouTrack, IntelliJ IDEA
July 16, 2026
WhatsApp GhostPairing Flaw Lets Attackers Hijack Accounts
July 16, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us