In Brief: Malware can extract data from isolated systems through electromagnetic radiation emitted by monitor cables, partially undermining traditional air-gapping approaches.
Researchers have demonstrated an attack method that exfiltrates data from air-gapped systems via the monitor cable. The technique uses electromagnetic radiation from the display signal to transmit data and thereby circumvents physical network isolation.
Air-gapped systems are considered one of the most effective safeguards against data theft. They are completely isolated from the network and are intended to prevent infected computers from exfiltrating data through lines. A new attack vector exploits this isolation via a previously underestimated interface: the monitor cable.
The attack method is based on the malware modifying the signals in the display cable (typically HDMI, DVI or VGA) and using it as a side channel. The electromagnetic emissions from the cable can be received and decoded at sufficient distance. This enables data exfiltration without requiring use of a network interface or USB port.
This presents a challenge for security officials: classical air-gapping concepts must be reassessed. While the method requires physical access to a functional receiver and thus cannot be executed remotely, it demonstrates that the isolation strategy reveals gaps through physical interfaces. CISOs should evaluate the extent to which a compromised system with appropriate malware is realistic in their environment and, if necessary, consider additional measures such as electromagnetic shielding or monitoring for unexpected monitor cable activity.
Source: www.golem.de · Published 7 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.