ODINI Malware Exploits CPU Emissions to Breach Air-Gapped Computers
Key Takeaways A new proof-of-concept malware, ODINI, can exfiltrate data from air-gapped systems, including those protected by Faraday cages. ODINI manipulates CPU workloads to generate low-frequency...
Key Takeaways
- A new proof-of-concept malware, ODINI, can exfiltrate data from air-gapped systems, including those protected by Faraday cages.
- ODINI manipulates CPU workloads to generate low-frequency magnetic fields, bypassing traditional physical isolation.
- Researchers from Israel’s Ben-Gurion University, led by Mordechai Guri, developed ODINI to demonstrate this vulnerability.
- Sectors like military, finance, and critical infrastructure, which rely heavily on air-gapped systems, are at risk.
- Mitigation strategies include hardware-based signal jamming, software-based jamming, and strict physical security policies.
A sophisticated proof-of-concept malware, dubbed ODINI, has demonstrated the ability to extract sensitive information from air-gapped computers, even those encased within Faraday cages. This groundbreaking research reveals a critical vulnerability in systems traditionally considered impervious to external threats.
Table Of Content
ODINI achieves its covert data exfiltration by precisely modulating a target computer’s CPU workload. This manipulation generates low-frequency magnetic fields, which then serve as a hidden channel for transmitting data through advanced physical isolation barriers.
The research, spearheaded by Mordechai Guri and his team at Israel’s Ben-Gurion University, underscores significant weaknesses in security environments long thought to be impenetrable. Organizations across the military, financial, and critical infrastructure sectors depend heavily on air-gapped systems and Faraday cages to safeguard sensitive data from electromagnetic interference and remote network intrusions.
Despite these robust protective measures, ODINI illustrates that determined threat actors, who initially compromise a system through supply-chain attacks or infected USB drives, can still retrieve high-value assets. These assets include passwords, authentication tokens, and encryption keys.

ODINI Malware on Air-Gapped Networks
Exfiltration Mechanism
The core mechanism for data exfiltration employed by ODINI hinges entirely on the precise manipulation of the compromised machine’s central processing unit (CPU). The malware deliberately overloads the CPU cores with intensive calculations, leading to dynamic fluctuations in power consumption. These fluctuations inherently generate low-frequency magnetic fields.
Crucially, low-frequency magnetic waves possess extremely low impedance, enabling them to effortlessly penetrate standard computer chassis components and the solid metal shielding of Faraday cages. The transmitting code requires no elevated administrative privileges to execute its tasks and utilizes straightforward processor operations, making it difficult for conventional antivirus software or runtime monitoring tools to detect.
Mordechai Guri highlighted that the malware further employs advanced data modulation schemes, such as amplitude-shift keying and frequency-shift keying, to accurately encode the stolen information onto these magnetic waves. This process ensures reliable data transmission even under challenging conditions. For more technical details, refer to the research paper by Mordechai Guri.
Receiving the Covert Signal
Once the data is encoded and broadcast as a magnetic signal, an attacker must position a specialized receiving device in close proximity to capture the covert emanations. The ODINI technique utilizes a dedicated magnetic sensor placed within a physical range of 100 to 150 centimeters from the compromised machine, achieving a maximum data transfer rate of 40 bits per second.

A related attack variant, named MAGNETO, exploits the identical CPU manipulation technique but uses an infected smartphone’s built-in magnetometer as the receiver. MAGNETO is effective at distances up to 12.5 centimeters and transfers data at a slower rate of 5 bits per second. Notably, this method functions even if the receiving smartphone is placed inside a Faraday bag or switched to airplane mode, demonstrating its resilience.
Defense Challenges and Solutions
Defending against magnetic field exfiltration presents a significant engineering challenge for security operations centers. Standard Faraday cages are ineffective against these low-frequency transmissions. Constructing physical shields from specialized ferromagnetic materials like mu-metal is often prohibitively expensive and highly impractical for widespread deployment.
Security professionals recommend implementing hardware-based signal jamming. This technique involves using commercial magnetic field generators to actively produce counter-magnetic noise, effectively drowning out the covert transmissions. Alternatively, software-based jamming can be deployed, which introduces random CPU workloads to disrupt the attacker’s encoded signal. However, this defensive approach may temporarily degrade overall system performance.
Ultimately, strict physical zoning policies that completely prohibit external electronic devices from the immediate vicinity of air-gapped computers remain the most reliable defensive measure against such advanced exfiltration techniques.
What You Should Do
- Implement Strict Physical Security: Enforce rigorous policies that ban all unauthorized electronic devices, especially smartphones, from proximity to air-gapped systems.
- Consider Hardware-Based Jamming: Investigate and deploy commercial magnetic field generators to actively disrupt potential covert magnetic transmissions around critical air-gapped infrastructure.
- Evaluate Software-Based Countermeasures: Explore software solutions that introduce random CPU workloads to interfere with magnetic signal encoding, while carefully assessing the impact on system performance.
- Regularly Audit Air-Gapped Environments: Conduct frequent audits of physical security protocols and employee compliance in areas hosting air-gapped machines.
- Enhance Supply Chain Security: Strengthen defenses against initial infection vectors, such as compromised USB drives and supply-chain attacks, which are necessary preconditions for ODINI to operate.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.