SpiralSpy: Exploring a Stealthy and Practical Covert Channel to Attack Air-gapped Computing Devices via mmWave Sensing

Zhengxiong Li, Baicheng Chen, Xingyu Chen, Huining Li, Chenhan Xu, Feng Lin, Chris Xiaoxuan Lu, Kui Ren, Wenyao Xu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

Covert channels are a method of communication that is used to exfiltrate information from computing devices and break the security policy of computer systems. Any shared resource can be potentially leveraged as a covert channel, and conventional wisdom of cyber-security believes that air-gapped computing devices, disconnected from the Internet, are highly secured. Recent studies show that advanced covert channel attacks using acoustic, thermal, and electromagnetic effects can only work under a limited proximity constraint (e.g., within 2 meters). In this work, we present SpiralSpy, a new covert channel to attack air-gapped computing devices through millimeter-wave (mmWave) sensing technologies. SpiralSpy can be stealthily launched and circumvent strongly isolated computing devices from a practical distance (up to 8 meters). Specifically, we demonstrate that ordinal cooling fans can be leveraged for covert channel attacks. A malicious software inside air-gapped computing devices can saliently encode confidential data into the fan control signals, and modulated status on fan motions can be remotely decoded by a commodity mmWave sensor. SpiralSpy can be adopted on multiple-fan systems and enable a scalable capacity for multi-channel and high-speed information transfer. We evaluate SpiralSpy with 71 computing devices with cooling fans. Experimental results demonstrate that SpiralSpy can achieve up to 6 bps that is 6-24X faster than existing covert channels on air-gapped computing devices. We evaluate the usability and robustness of SpiralSpy under different real-world scenarios. Moreover, we conduct in-depth analysis and discussion on countermeasures for SpiralSpy-based covert channel attacks to improve computer and information security.
Original languageEnglish
Title of host publicationNetwork and Distributed Systems Security (NDSS) Symposium 2022
PublisherThe Internet Society
Number of pages16
ISBN (Electronic)1-891562-74-6
Publication statusPublished - 17 Apr 2022
EventThe 29th Network and Distributed System Security (NDSS) Symposium 2022 - San Diego, United States
Duration: 24 Apr 202228 Apr 2022
Conference number: 29


SymposiumThe 29th Network and Distributed System Security (NDSS) Symposium 2022
Abbreviated titleNDSS 2022
Country/TerritoryUnited States
CitySan Diego
Internet address


Dive into the research topics of 'SpiralSpy: Exploring a Stealthy and Practical Covert Channel to Attack Air-gapped Computing Devices via mmWave Sensing'. Together they form a unique fingerprint.

Cite this