Do air-gapped systems prevent data exfiltration via electromagnetic side-channels?

Air-gapped systems reduce the likelihood of remote compromise but do not categorically prevent data exfiltration via electromagnetic side-channels. Multiple peer-reviewed demonstrations show that if an air-gapped host is already compromised, attackers can encode information into unintended emissions and recover it with a proximate receiver. Mordechai Guri at Ben-Gurion University demonstrated several practical attacks that exploited video and processor emissions to transmit data to nearby mobile phones and radios, and Markus G. Kuhn at the University of Cambridge documented compromising electromagnetic emanations from keyboards and displays, establishing that even routine hardware can leak sensitive signals. These studies establish technical feasibility and inform defensive standards.

How electromagnetic exfiltration works

A malicious program can intentionally modulate hardware activity to create measurable variations in electromagnetic fields, clock noise, or peripheral behavior. Examples documented by researchers include modulating GPU or video output to produce FM-band signals and manipulating processor instructions to generate narrowband emissions. A receiver in proximity can demodulate those variations back into data. Practical attacks require a chain of conditions: initial infection of the air-gapped machine through removable media or supply-chain compromise, a nearby receiver such as a smartphone or purpose-built radio, and favorable signal-to-noise conditions. The farther the receiver and the noisier the environment, the weaker and slower the feasible channel becomes.

Mitigations and practical limits

Countermeasures combine policy and engineering. Emission-security practices known as EMSEC and standards originating from TEMPEST programs aim to limit unintentional radiation through shielding, filtered power, and approved equipment. Physical controls such as Faraday enclosures, controlled access, removal of mobile devices, and strict media hygiene reduce risk. Monitoring for anomalous processes and limiting high-frequency components in trusted systems also helps. These measures add cost and operational constraints, which affects adoption differently across government, industrial, and academic environments. In high-security national facilities, investment in TEMPEST-certified infrastructure is common, while commercial or research institutions may rely more on policy and detection.
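
The distance, noise and shielding relationships described above can be put into numbers with a simplified link budget, useful when sizing an exclusion zone or a shielding requirement. This is an added example, not taken from the cited research: it assumes free-space far-field propagation and uses the Shannon capacity as a conservative upper bound, and the emitter power, frequency, bandwidth and noise values are constructed, not measurements.

```python
import math

THERMAL_NOISE_DBM_HZ = -174.0  # thermal noise density at ~290 K

def fspl_db(distance_m, freq_hz):
    """Free-space path loss in dB (far-field assumption, not indoor reality)."""
    return 20 * math.log10(distance_m) + 20 * math.log10(freq_hz) - 147.55

def snr_db(tx_dbm, distance_m, freq_hz, bw_hz,
           noise_figure_db=6.0, ambient_noise_db=0.0, shielding_db=0.0):
    """SNR at a receiver for an unintended emitter radiating tx_dbm."""
    noise_dbm = (THERMAL_NOISE_DBM_HZ + 10 * math.log10(bw_hz)
                 + noise_figure_db + ambient_noise_db)
    rx_dbm = tx_dbm - shielding_db - fspl_db(distance_m, freq_hz)
    return rx_dbm - noise_dbm

def capacity_bps(snr_db_value, bw_hz):
    """Shannon bound: no receiver can exceed this rate, so it is conservative."""
    return bw_hz * math.log2(1 + 10 ** (snr_db_value / 10))

def shielding_needed_db(target_bps, tx_dbm, distance_m, freq_hz, bw_hz, **env):
    """Attenuation that caps the bound at target_bps at the given distance."""
    required_snr_db = 10 * math.log10(2 ** (target_bps / bw_hz) - 1)
    return max(0.0, snr_db(tx_dbm, distance_m, freq_hz, bw_hz, **env) - required_snr_db)

# Constructed values for illustration only (not measurements):
TX_DBM, FREQ_HZ, BW_HZ = -60.0, 100e6, 1e3

if __name__ == "__main__":
    for d in (1, 10, 100):
        quiet = capacity_bps(snr_db(TX_DBM, d, FREQ_HZ, BW_HZ), BW_HZ)
        noisy = capacity_bps(snr_db(TX_DBM, d, FREQ_HZ, BW_HZ, ambient_noise_db=30), BW_HZ)
        print(f"{d:>4} m  quiet<= {quiet:8.0f} bit/s  noisy<= {noisy:8.0f} bit/s")
    need = shielding_needed_db(1.0, TX_DBM, 10, FREQ_HZ, BW_HZ)
    print(f"shielding to cap the bound at 1 bit/s at 10 m: {need:.1f} dB")
```

Because the bound is logarithmic in SNR, each added 10 dB of shielding or ambient noise removes a fixed number of bits per second at high SNR but only drives the channel toward zero gradually at low SNR, which is why shielding is normally combined with distance and device-exclusion controls.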

Consequences of successful exfiltration include espionage, loss of intellectual property, and undermining of public trust. Cultural and territorial factors influence both threat level and response: state actors with resources can perform sophisticated remote reception, and regulatory regimes differ in how much emission-hardening is required. In summary, an air gap raises the bar substantially but is not a universal guarantee against electromagnetic side-channels.