
Air-Gapped Computers Can Communicate Through Heat: Researchers

BitWhisper: Stealing Data From Isolated Computers Using Heat Emissions and Built-in Thermal Sensors

Researchers at the Ben Gurion University in Israel have demonstrated that two computers in close proximity to each other can communicate using heat emissions and built-in thermal sensors.

In an experimental scenario involving two devices placed at up to 15 inches from each other, researchers have managed to transmit up to 8 bits of data per hour, which is enough for exfiltrating sensitive data such as passwords and secret keys, and for sending commands. This novel attack method has been dubbed BitWhisper.

It is not uncommon for organizations that handle highly sensitive information to isolate certain computers in order to protect valuable assets. Air-gap security is often used for industrial control systems (ICS) and military networks. However, as it has been demonstrated before, such as in the case of the notorious Stuxnet worm which targeted Iranian nuclear facilities, air-gap security can be breached.

Over the past months, Ben Gurion University researchers have analyzed several techniques that can be leveraged to exfiltrate data from an air-gapped computer, including by using radio signals emitted by a device’s graphics card, and by using a multifunctional printer to receive and transmit data.

Now, experts have demonstrated that a bidirectional communication channel can be established between two standard computers by using the heat emitted by various components, such as the CPU and the GPU. An attacker simply needs to plant a piece of malware on each of the PCs that need to communicate.

In their experimental scenario, researchers placed two computers parallel to each other on a desk located in a standard office environment. One of the devices was connected to the Internet, while the other was connected to the internal network. This is a common scenario in many organizations where employees are required to carry out sensitive tasks on an air-gapped system while still needing access to the Internet.

Infecting the Internet-connected device with malware is not a difficult task. As demonstrated numerous times before, a piece of malware can be easily delivered using spear-phishing emails and social engineering techniques. Planting a threat on an isolated system is possible through attacks on the supply chain, infected USB drives, or with the aid of malicious insiders, researchers explained in a paper that will be published in the upcoming days.

Once the malware is in place on both computers, heating patterns are generated on the sender device by controlling the CPU or GPU workload, which results in modifications in temperature. In the meantime, the receiving PC monitors the temperature changes using the thermal sensors built into the CPU, the GPU, the motherboard, or other components.

“BitWhisper establishes a covert channel by emitting heat from one PC to the other in a controlled manner. By regulating the heating patterns, binary data is modulated into thermal signals. In turn, the adjacent PC uses its built-in thermal sensors to measure the environmental changes. These changes are then sampled, processed, and demodulated into binary data,” researchers explained.
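A defender's view of the receiving side described above, as an added example that is not from the article or the researchers' paper: on the isolated PC the temperature changes come from the neighbouring machine rather than from its own workload, so repeated temperature swings while local CPU load stays idle are worth flagging. The one-sample-per-minute series, the thresholds and the function names are assumptions, and all readings are constructed.

```python
def idle_swings(samples, window=4, min_delta=1.5, idle_load=0.15):
    """Return the sequence of temperature swings (+1 up, -1 down) seen while idle.

    samples: list of (temp_c, cpu_load) pairs, one per minute, cpu_load in [0, 1].
    A window counts only if the temperature moved by at least min_delta degrees
    and the host's own load stayed at or below idle_load for the whole window,
    i.e. the change cannot be explained by local work.
    """
    swings = []
    for i in range(len(samples) - window + 1):
        chunk = samples[i:i + window]
        delta = chunk[-1][0] - chunk[0][0]
        if abs(delta) < min_delta:
            continue
        if max(load for _, load in chunk) > idle_load:
            continue  # the host was busy, so the heat is explained locally
        direction = 1 if delta > 0 else -1
        if not swings or swings[-1] != direction:  # collapse one ramp into one swing
            swings.append(direction)
    return swings


def looks_externally_driven(samples, min_swings=4):
    """Flag a series with several alternating idle-time swings (assumed threshold)."""
    return len(idle_swings(samples)) >= min_swings


# Constructed: idle host whose sensor alternates between ~38 C and ~41 C.
_cycle = [38, 38, 38, 38, 39, 40, 41, 41, 41, 41, 41, 40, 39, 38]
SIGNAL_LIKE = [(t, 0.03) for t in _cycle * 3]

# Constructed: one local job heats the CPU, then the host cools down while idle.
_temps = [38, 38, 38, 40, 42, 44, 45, 45, 44, 42, 40, 39, 38, 38, 38]
_loads = [0.05] * 3 + [0.9] * 5 + [0.05] * 7
LOCAL_JOB = list(zip(_temps, _loads))

if __name__ == "__main__":
    for name, series in (("signal-like", SIGNAL_LIKE), ("local job", LOCAL_JOB)):
        print(name, idle_swings(series), looks_externally_driven(series))
```

The cool-down after a local job produces a single idle-time swing, which is why the check requires several alternating swings before it flags a host.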

While BitWhisper is highly complex, with numerous variables that must be taken into consideration for the attack to be successful, the method doesn’t require any dedicated or modified hardware, experts noted.

In addition to stealing sensitive information from air-gapped devices, the BitWhisper method can also be used for a worm attack or to send malicious commands to isolated ICS.

“After infecting the networks, the malware spreads over both networks and searches the surroundings for additional PCs within close proximity, spatially. Proximity is determined by periodically sending ‘thermal pings’ over the air,” researchers explained. “Once a bridging attempt is successful, a logical link between the public network and the internal network is established. At this stage, the attacker can communicate with the formerly isolated network, issuing commands and receiving responses.”

In a video demonstrating the capabilities of a BitWhisper prototype, researchers have used a USB missile launcher to show that one air-gapped computer can send commands to another air-gapped device using only thermal radiation.

Related Reading: “AirHopper” Malware Uses Radio Signals to Steal Data from Isolated Computers

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
