For years, researchers and spies have devised ways of getting malware to computers that are “air-gapped,” or physically isolated from external network connections.

Attacks like Stuxnet, the computer worm deployed against an Iranian nuclear facility a decade ago, shattered the myth that air-gapped systems are impenetrable fortresses. In that case, suspected U.S. and Israeli intelligence operatives crossed an air gap with malware that ultimately sabotaged centrifuges at a uranium enrichment plant. They also planted an idea in the head of Mikhail Davidov, an ethical hacker: Getting malicious code into an air-gapped computer is one thing, but how do you retrieve data from the network?

One possibility, it turns out, is in the radio spectrum. With a radio, antenna, and his own computer script, Davidov figured out how to use a signal emitted by an air-gapped computer’s graphics processing unit (GPU) to exfiltrate data. Davidov, the lead security researcher at Duo Labs, published a paper with his findings Wednesday and shared them exclusively with CyberScoop.

“I was thinking a lot about data exfiltration from air-gapped networks in general and what types of vectors there could be,” Davidov said. “Often times you have to speculate about what sophisticated actors [might] be doing in the field” to demonstrate something like this in a lab, he added.

The research invites the security community to think more about how barely noticeable signals emitted by machines might be used to attack them. For governments trying to lock down their secrets, it’s another attack scenario to consider.

Looking for signals in the noise

In his hacking studio in Seattle, Davidov set up what he describes as a “run-of-the-mill” Dell workstation and got to work.

From behind a wall, and tucked 50 feet away from the target computer, Davidov used to an antenna to scan the radio-frequency spectrum, looking for variations in it for a “side channel” that he could use to extract data. Realizing the GPU, which uses computing power to process images, emits the type of radio signal that he could manipulate, Davidov wrote a computer script to help him do that. By controlling the duration of each radio transmission from the GPU — and using a software-defined radio to pick up the signal— he was able to extract data from the machine.

In other words, after picking up radio signals from the computer, a spy could decode them to uncover important data stored on the system.

“We can even vary the rate at which we shift from frequency to frequency to…pack additional data,” Davidov said in his paper.

If the technique sounds like something out of an espionage playbook, that’s because it is. Documents leaked by former National Security Agency contractor Edward Snowden revealed a number of agency hacking tools capable of bridging air gaps or reaching other sensitive systems.

But it doesn’t take an intelligence agency’s budget, or capabilities, to demonstrate how attackers can overcome the challenge of infiltrating a computer that’s physically isolated from other networks.

“Just because it’s only nation-states that need to worry about [these tools] doesn’t mean it’s only nation-states that can find them,” said Duo Labs Director Rich Smith, Davidov’s colleague. “This kind of technique can be developed by a private company in a totally financially-feasible way.”

It’s a proof-of-concept meant to show the art of the possible in using radio equipment to steal data from a computer. In practice, a number of variables could complicate the picture, including other machines in an air-gapped room that might create interfering signals with the computer you’re targeting. Davidov hopes his work will prompt other white-hat hackers to pick up their radios.

“We’re at somewhat of a digital renaissance when it comes to radio frequency [equipment],” Davidov said. “There’s so much commodity hardware available…All you need is a little USB dongle [to get started].”