December 12, 2022

Mordechai Guri, a security researcher known for inventing inventive ways to siphon data from computers that aren’t connected to the internet, has discovered a new exploit that can exfiltrate data to a nearby smartphone.

It is known as COVID-bit, and it uses electromagnetic waves to transmit data from air-gapped systems that are isolated from the internet over a distance of at least two meters (6.5 ft) to a receiver.

The mechanism employs malware installed on the machine to generate electromagnetic radiation in the 0-60 kHz frequency band, which is then transmitted and detected by a stealthy receiving device in close physical proximity.

This is made possible by utilizing modern computers’ dynamic power consumption and manipulating the momentary loads on CPU cores.

The researchers developed a malware program that regulates CPU load and core frequency in a specific manner to cause the power supplies on air-gapped computers to emit electromagnetic radiation on a low-frequency band in order to transmit the data in the COVID-bit attack (0 – 48 kHz). A laptop or smartphone can be used as the receiver, with a small loop antenna connected to the 3.5mm audio jack, which can be easily spoofed in the form of headphones/earphones.

The smartphone is capable of capturing the transmission, applying a noise reduction filter, demodulating the raw data, and eventually decoding the secret.

“The information emanates from the air-gapped computer over the air to a distance of 2 m and more and can be picked up by a nearby insider or spy with a mobile phone or laptop,” Guri said.

The sources for this piece include an article in BleepingComputer.