The security of airgapped systems is generally taken for granted, as airgapping removes the primary vectors for infiltration and exploitation. It is also generally assumed that even an infiltrated airgapped system is still (relatively) safe, as the infiltrator has no way to activate their payload on demand.
We intend to show that this second assumption is easily broken by a determined attacker with knowledge of their target's hardware. By taking advantage of weaknesses in RF shielding and/or sensitivity to spurious emissions, the attacker may circumvent the airgap from a remote location at their leisure with only publicly available transmission equipment and a rudimentary knowledge of physics.
This repository contains a proof-of-concept of the above principle, targeting the Intel Edison.