Security researchers from Israel's Ben-Gurion University have detailed their efforts on how it's possible to transmit data from an "air gapped" PC that is physically isolated from unsecured networks.
The technique only works at a very short range and has very low bandwidth but it proofs it could be possible to steal data like passwords and other user input from high-security facilities. It works by intercepting maliciously crafted radio signals emitted from the screen of the isolated computer, these radio signals are then intercepted by a smartphone with FM radio receiver.
While it's a neat concept, the biggest hurdle is probably how to infect the computer with the software that creates the required radio emissions from the video display unit.
The main idea behind the research is to use radio frequencies in order to transmit the secret data from the computer to the mobile phone. Mobile phones usually come equipped with FM radio receivers and it is already known that software can intentionally create radio emissions from a video display unit. Yes, from the computer screen. Still, this is the first time that a mobile phone is considered in an attack model as the intended receiver of maliciously crafted radio signals emitted from the screen of the isolated computer. AirHopper demonstrates how textual and binary data can be exfiltrated from physically a isolated computer to mobile phones at a distance of 1-7 meters, with effective bandwidth of 13-60 Bps (Bytes per second). Enough to steal a secret password.