ODINI Malware Exploits CPU-Generated Magnetic Fields to Bypass Air-Gapped Security
Researchers at Israel’s Ben-Gurion University, led by Mordechai Guri, have demonstrated a novel attack vector capable of exfiltrating sensitive data from air-gapped systems, even those protected by Faraday cages. The proof-of-concept malware, dubbed ODINI, exploits low-frequency magnetic fields generated by manipulated CPU workloads to transmit stolen information through physical isolation barriers.
The attack begins with initial infection via supply-chain compromises or malicious USB drives, allowing threat actors to target high-security environments such as military, financial, and critical infrastructure sectors. Once installed, ODINI modulates the CPU’s power consumption to produce magnetic signals encoding passwords, encryption keys, or authentication tokens. These signals penetrate standard shielding, including Faraday cages, due to the low impedance of magnetic waves at these frequencies.
Data transmission occurs at up to 40 bits per second, requiring a magnetic sensor placed within 100–150 centimeters of the compromised machine. A related attack, MAGNETO, leverages an infected smartphone’s magnetometer as a receiver, functioning at distances up to 12.5 centimeters even if the device is in airplane mode or stored in a Faraday bag.
Defending against such exfiltration is challenging. Traditional Faraday cages fail to block low-frequency magnetic waves, and specialized ferromagnetic shielding (e.g., mu-metal) is cost-prohibitive. Countermeasures include hardware-based signal jamming using magnetic field generators or software-based disruption of CPU workloads, though the latter may impact system performance. The most effective mitigation remains strict physical zoning, prohibiting unauthorized electronic devices near air-gapped systems.
The research underscores vulnerabilities in environments previously considered secure, highlighting the need for layered defenses against evolving exfiltration techniques.
Source: https://cybersecuritynews.com/odini-malware-air-gapped-computers/
Ben-Gurion University TPRM report: https://www.rankiteo.com/company/ben-gurion-university
"id": "ben1778480730",
"linkid": "ben-gurion-university",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': ['Defense',
                                     'Finance',
                                     'Critical Infrastructure'],
                        'type': ['Military',
                                 'Financial',
                                 'Critical infrastructure']}],
 'attack_vector': ['Supply-chain compromise', 'Malicious USB drives'],
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Passwords',
                                              'Encryption keys',
                                              'Authentication tokens']},
 'impact': {'data_compromised': ['Passwords',
                                 'Encryption keys',
                                 'Authentication tokens'],
            'systems_affected': 'Air-gapped systems'},
 'lessons_learned': 'The research underscores vulnerabilities in environments '
                    'previously considered secure, highlighting the need for '
                    'layered defenses against evolving exfiltration '
                    'techniques.',
 'post_incident_analysis': {'corrective_actions': ['Hardware-based signal '
                                                   'jamming',
                                                   'Strict physical zoning',
                                                   'Software-based disruption '
                                                   'of CPU workloads'],
                            'root_causes': 'Exploitation of CPU-generated '
                                           'magnetic fields to bypass '
                                           'air-gapped security measures'},
 'recommendations': ['Implement hardware-based signal jamming',
                     'Enforce strict physical zoning',
                     'Use specialized ferromagnetic shielding (e.g., mu-metal) '
                     'where feasible',
                     'Disrupt CPU workloads to prevent signal generation (with '
                     'performance considerations)'],
 'references': [{'source': 'Ben-Gurion University Research'}],
 'response': {'containment_measures': ['Hardware-based signal jamming',
                                       'Software-based disruption of CPU '
                                       'workloads'],
              'remediation_measures': ['Strict physical zoning',
                                       'Prohibiting unauthorized electronic '
                                       'devices near air-gapped systems']},
 'title': 'ODINI Malware Exploits CPU-Generated Magnetic Fields to Bypass '
          'Air-Gapped Security',
 'type': 'Data Exfiltration',
 'vulnerability_exploited': 'Exploitation of CPU-generated magnetic fields to '
                            'bypass air-gapped security'}