How ODINI Breaches Air‑Gapped Machines: Exfiltrating Keys Without Opening the Cage
The ODINI attack demonstrates that a computer sealed in a metal Faraday cage can have its RSA private keys, SSH credentials, and passwords stolen by encoding data into the CPU's power‑state rhythm, emitting a low‑frequency magnetic field that leaks out at up to 40 bits per second.
Five‑Minute Overview of ODINI
One‑Sentence Version
A computer locked inside a metal Faraday cage with no network connection can have its sensitive data stolen by researchers who modulate the CPU’s “busy‑idle” rhythm to emit a magnetic signal that passes through the cage.
Full Principle (Five Steps)
Step 1: Deliver malicious software. Even air‑gapped machines require USB media or insider handling; attackers can use supply‑chain compromises, malicious USB drives, or insider cooperation to plant a payload. ODINI itself does not perform the initial intrusion—it assumes the malware is already inside.
Step 2: Locate valuable data. The payload scans for high‑value, low‑volume items such as passwords, SSH keys, VPN certificates, and RSA private keys.
Step 3: Encode data in the CPU’s “heartbeat”. The malware forces the CPU to switch rapidly between high‑power (busy) and low‑power (idle) states. This creates a weak magnetic field whose pattern encodes bits (e.g., busy‑busy‑idle = 1, idle‑busy = 0), similar to Morse code.
Step 4: Magnetic field penetrates the enclosure. Low‑frequency magnetic fields easily pass through the metal chassis and Faraday cage, which block radio signals but not such magnetic emissions.
Step 5: External receiver captures the signal. An attacker places a magnetic sensor—or a modified smartphone—outside the cage to detect the field, reconstruct the bitstream, and forward the recovered data over a normal network. No physical entry into the protected room is required.
What Can Be Achieved?
The original ODINI prototype reaches a maximum exfiltration rate of 40 bits/s. While modest, this is sufficient to steal an RSA‑2048 private key within a few hours, or to exfiltrate passwords and certificates in minutes. The attack is silent: it generates no network traffic and triggers no software alarms.
An RSA‑2048 private key can be exfiltrated in a few hours.
Sensitive passwords and certificates can be leaked in a few minutes.
The entire operation is noiseless and leaves no obvious trace.
A variant called MAGNETO uses a smartphone’s magnetometer as the receiver. Its rate drops to 0.2‑5 bits/s, meaning a key may take days to extract, but the phone can operate inside a Faraday bag or in airplane mode, making the attack even more covert.
Isolation Is Not Absolute
ODINI remains a proof‑of‑concept (PoC) and has not been observed in the wild, but the gap between academic demonstration and real‑world exploitation is shrinking rapidly, especially as AI‑driven vulnerability discovery shortens exploit development cycles.
These findings remind defenders that physical isolation alone cannot be relied upon; attackers are already exploring ways to breach the “last line of defense.”
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
Black & White Path
We are the beacon of the cyber world, a stepping stone on the road to security.
