Article · Wikipedia archive · Last revised Jun 23, 2026

Air-gap malware

Air-gap malware is malware designed to defeat the air-gap isolation of secure computer systems by moving data across the gap over covert channels that require no network connection.[1][2]

Operation

Because most modern computers, especially laptops, have built-in microphones and speakers, air-gap malware can transmit data acoustically, at frequencies near or beyond the limit of human hearing. The technique is limited to computers in close physical proximity (about 65 feet (20 m)[3]) and by the requirement that both the transmitting and the receiving machine be infected with the appropriate malware to form the link.[4] The proximity limit can be overcome by building an acoustically linked mesh network, but this only helps if the mesh ultimately includes a machine with a conventional network connection to the outside world through which the data can leave the secure facility. In 2014, researchers introduced "AirHopper", a two-part attack demonstrating data exfiltration from an isolated computer to a nearby mobile phone: the computer's video hardware is driven to emit FM radio signals, which the phone picks up with its built-in FM receiver.[5][6]
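The following is an added illustration, not code from the page or from any of the cited research: a minimal near-ultrasonic binary-FSK channel of the kind the acoustic attacks above rely on, together with the band-energy check a defender could run on microphone input. Everything numeric here is an assumption chosen for the demonstration (44.1 kHz sample rate, 18 kHz and 19 kHz tones, 10 ms symbols giving 100 bit/s); the "speaker" output is a list of samples and the "microphone" input is that list with constructed white noise added, so it runs offline with no audio hardware.

```python
"""Near-ultrasonic binary-FSK covert channel plus a band-energy detector.

Added example, not from the page or the cited papers. All constants are
assumptions for the demonstration; no audio hardware is used.
"""
import math
import random
from typing import List

SAMPLE_RATE = 44_100                # Hz; common sound-card rate (assumption)
F_SPACE, F_MARK = 18_000, 19_000    # Hz; tones for bit 0 / bit 1 (assumption)
SYMBOL_SAMPLES = 441                # 10 ms per bit (assumption)
BIT_RATE = SAMPLE_RATE // SYMBOL_SAMPLES   # 100 bit/s
AMPLITUDE = 0.5


def bytes_to_bits(data: bytes) -> List[int]:
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def bits_to_bytes(bits: List[int]) -> bytes:
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def modulate(data: bytes) -> List[float]:
    """Transmitter side: one continuous-phase tone per bit."""
    samples, phase = [], 0.0
    for bit in bytes_to_bits(data):
        step = 2 * math.pi * (F_MARK if bit else F_SPACE) / SAMPLE_RATE
        for _ in range(SYMBOL_SAMPLES):
            samples.append(AMPLITUDE * math.sin(phase))
            phase = (phase + step) % (2 * math.pi)
    return samples


def goertzel_power(block: List[float], freq: float) -> float:
    """Energy of `block` at the DFT bin nearest `freq` (Goertzel algorithm)."""
    n = len(block)
    k = round(n * freq / SAMPLE_RATE)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def blocks(samples: List[float]) -> List[List[float]]:
    """Split the stream into whole symbol-length blocks."""
    stop = len(samples) - SYMBOL_SAMPLES + 1
    return [samples[i:i + SYMBOL_SAMPLES] for i in range(0, stop, SYMBOL_SAMPLES)]


def demodulate(samples: List[float]) -> bytes:
    """Receiver side: per symbol, pick whichever tone carries more energy."""
    bits = [1 if goertzel_power(b, F_MARK) > goertzel_power(b, F_SPACE) else 0
            for b in blocks(samples)]
    return bits_to_bytes(bits)


def add_noise(samples: List[float], sigma: float = 0.2, seed: int = 1) -> List[float]:
    """Constructed 'microphone' input: the transmitted samples plus white noise."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in samples]


def band_energy_fraction(block: List[float], lo: int = 17_000, hi: int = 21_000) -> float:
    """Share of the block's energy between lo and hi Hz.

    By Parseval, the N bin powers sum to N * sum(x^2), so a pure tone on a
    bin puts about half the energy into its positive-frequency bin, while
    white noise spreads it evenly (about 41/441 here)."""
    total = sum(x * x for x in block)
    if total == 0.0:
        return 0.0
    n = len(block)
    bin_hz = SAMPLE_RATE / n
    band = sum(goertzel_power(block, k * bin_hz)
               for k in range(math.ceil(lo / bin_hz), int(hi / bin_hz) + 1))
    return band / (n * total)


def flag_blocks(samples: List[float], threshold: float = 0.25) -> int:
    """Defender-side check: count 10 ms blocks dominated by near-ultrasonic energy."""
    return sum(1 for b in blocks(samples) if band_energy_fraction(b) > threshold)


if __name__ == "__main__":
    tx = modulate(b"key")                     # 24 bits -> 0.24 s of audio
    rx = add_noise(tx)
    print("rate:", BIT_RATE, "bit/s")
    print("decoded:", demodulate(rx))
    print("flagged blocks:", flag_blocks(rx), "of", len(blocks(rx)))
```

At the assumed 100 bit/s a 256-bit key crosses the channel in under three seconds, which is why the low bandwidth of such channels is no obstacle to leaking key material. The detector works on the same Goertzel bins as the receiver; a pure tone on a bin puts about half the block's energy into that bin, while ordinary audio and noise leave only a small share above 17 kHz, so a sustained run of flagged blocks on a machine that should not be producing near-ultrasonic sound is the signal a monitor would alert on.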

In 2015, "BitWhisper", a covert signaling channel between air-gapped computers using thermal manipulations, was introduced: one machine modulates the heat it emits and a nearby machine reads the changes through its own built-in thermal sensors. BitWhisper supports bidirectional communication and requires no additional dedicated peripheral hardware.[7][8]

Later in 2015, researchers introduced "GSMem", a method for exfiltrating data from air-gapped computers over cellular (GSM) frequencies. The transmission is generated by a standard internal memory bus, effectively turning the computer into a small, low-power cellular transmitter.[9][10]

In 2016, researchers categorized various "out-of-band covert channels"[11] (OOB-CCs): malware communication channels that require no specialized hardware at the transmitter or receiver. OOB-CCs offer far less bandwidth than conventional radio-frequency channels, but they are sufficient to leak sensitive information that needs only a low data rate (e.g., text, recorded audio, cryptographic key material).

In 2020, ESET Research reported Ramsay, a cyber-espionage framework and toolkit that collects and steals sensitive documents, such as Word documents, from systems on air-gapped networks.

Examples

Stuxnet is air-gap malware first uncovered on 17 June 2010[12] and thought to have been in development since at least 2005. Rather than an emission-based covert channel, it crossed the air gap on infected USB removable media, exploiting a Windows shortcut (.LNK) vulnerability to execute. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to have caused substantial damage to the Iranian nuclear program after it was first introduced onto a computer at the Natanz nuclear facility in 2009.[13][14]

References

  1. Carrara, Brent (September 2016). Air-Gap Covert Channels (PDF) (PhD). University of Ottawa.
  2. Carrara, Brent; Adams, Carlisle (2016-01-01). "A Survey and Taxonomy Aimed at the Detection and Measurement of Covert Channels". Proceedings of the 4th ACM Workshop on Information Hiding and Multimedia Security. IH&MMSec '16. New York, NY, USA: ACM. pp. 115–126. doi:10.1145/2909827.2930800. ISBN 9781450342902. S2CID 34896818.
  3. Goodin, Dan (2 December 2013). "Scientist-developed malware prototype covertly jumps air gaps using inaudible sound". Ars Technica.
  4. Visu, Dr.P; Chakkaravarthy, S.Sibi; Kumar, K.A.Varun; Harish, A; Kanmani, S (October 2014). "Air-Gap Malware" (PDF). Computer Engineers Technical Association – News Letter (1). Vel Tech University: 2. Archived from the original (PDF) on 22 March 2015. Retrieved 21 March 2015.
  5. Guri, Mordechai; Kedma, Gabi; Kachlon, Assaf; Elovici, Yuval (November 2014). "AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones using Radio Frequencies". arXiv:1411.0237 [cs.CR].
  6. Guri, Mordechai; Kedma, Gabi; Kachlon, Assaf; Elovici, Yuval (November 2014). "How to leak sensitive data from an isolated computer (air-gap) to a near by mobile phone - AirHopper". BGU Cyber Security Labs.
  7. Guri, Mordechai; Monitz, Matan; Mirski, Yisroel; Elovici, Yuval (April 2015). "BitWhisper: Covert Signaling Channel between Air-Gapped Computers using Thermal Manipulations". arXiv:1503.07919 [cs.CR].
  8. Guri, Mordechai; Monitz, Matan; Mirski, Yisroel; Elovici, Yuval (March 2015). "BitWhisper: The Heat is on the Air-Gap". BGU Cyber Security Labs.
  9. Guri, Mordechai; Kachlon, Assaf; Hasson, Ofer; Kedma, Gabi; Mirsky, Yisroel; Elovici, Yuval (August 2015). "GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies". 24th USENIX Security Symposium (USENIX Security 15): 849–864. ISBN 9781939133113.
  10. Guri, Mordechai; Kachlon, Assaf; Hasson, Ofer; Kedma, Gabi; Mirsky, Yisroel; Monitz, Matan; Elovici, Yuval (July 2015). "GSMem Breaking The Air-Gap". Cyber Security Labs @ Ben Gurion University.
  11. Carrara, Brent; Adams, Carlisle (2016-06-01). "Out-of-Band Covert Channels—A Survey". ACM Comput. Surv. 49 (2): 23:1–23:36. doi:10.1145/2938370. ISSN 0360-0300. S2CID 13902799.
  12. "Stuxnet : A worm which targets SCADA systems". CERT-IST Computer Emergency Response Team. 2010-09-08. Retrieved 7 June 2025. Stuxnet was discovered on June 17, 2010 by the Belarusian company VirusBlokAda (a company that develops antivirus products). At that time most of the attention of the analysts was caught by the fact that this worm uses a previously unknown vulnerability in Windows (a "0-day" flaw): the ".LNK" vulnerability, which led Microsoft to release early in August the out-of-band patch MS10-046. It is only after further analysis that analysts found that Stuxnet was in fact designed to target SCADA systems.
  13. Kushner, David (2013-02-26). "The Real Story of Stuxnet". IEEE Spectrum. 50 (3): 48–53. Bibcode:2013IEEES..50c..48K. doi:10.1109/MSPEC.2013.6471059. S2CID 29782870.
  14. Sen, Ashish (2015-04-10). "Iran's Growing Cyber Capabilities in a Post-Stuxnet Era". Atlantic Council. Retrieved 2025-09-03.

Further reading

  • Guri, Mordechai; Kedma, Gabi; Kachlon, Assaf; Elovici, Yuval (2014). "Air Hopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones using Radio Frequencies". arXiv:1411.0237 [cs.CR].
  • Do, Quang; Martini, Ben; Choo, Kim-Kwang Raymond (2014). "Exfiltrating data from Android devices". Computers & Security. 48. Elsevier: 74–91. doi:10.1016/j.cose.2014.10.016. S2CID 46515645.
  • O'Malley, Samuel Joseph; Choo, Kim-Kwang Raymond (May 1, 2014). Bridging the Air Gap: Inaudible Data Exfiltration by Insiders. 20th Americas Conference on Information Systems. Association for Information Systems. SSRN 2431593.