@ricardomaia
Last active February 16, 2026 14:40
Eavesdropping / Data exfiltration

Air-Gapped Eavesdropping & Data Exfiltration Techniques

My collection of covert channels, side-channel attacks, and air-gap exfiltration techniques, organized by physical vector and sensing modality.


1. Thermal Channels

BitWhisper – Thermal Covert Channel

Data exfiltration via controlled heat emissions between adjacent air-gapped computers.


HOTSPOT – Air-Gap Exfiltration via Temperature Sensors

Variant of BitWhisper targeting smartphone temperature sensors as receivers, crossing the air-gap via controlled thermal fluctuations from the compromised PC.


Thermanator – Thermal Residue-Based Keystroke Attacks

Recovery of keyboard input using residual heat patterns captured by thermal cameras.


COVID-bit – Thermal Social-Distance Covert Channel

Thermal signaling detectable at distances >= 2 meters, exploiting environmental heat propagation.


Clock Skew via Thermal Manipulation

Thermally induced clock drift used as a low-bandwidth covert signaling channel.


Infrared PIN & Keystroke Recovery

Recovery of PINs and keystrokes using thermal imaging of recently touched surfaces.


2. Acoustic & Vibration Channels

Fansmitter – Acoustic Data Exfiltration via Fans

Modulation of fan speed to generate acoustic signals carrying sensitive data.


GPU-FAN – Covert Noise from GPU Fans

Modulation of GPU fan speed for data transmission, extending the Fansmitter concept to discrete graphics cards.


DiskFiltration – Covert Hard-Drive Noise

Acoustic data exfiltration from speakerless air-gapped computers via controlled hard-drive seek noise.


CD-LEAK – Acoustic Signals from CD/DVD Drives

Covert acoustic signals generated by manipulating the CD/DVD drive motor and head movement in audioless computers.


POWER-SUPPLaY – Power Supply Acoustic Leakage

Turning power supplies into speakers by modulating load-induced coil vibrations.


CASPER – Data Leak via Internal PC Speaker

Exfiltration using the internal motherboard buzzer (BIOS beep speaker) to transmit ultrasonic signals at 20 bits/sec over 1.5 meters.


MOSQUITO – Speaker-to-Speaker Ultrasonic Channel

Inaudible ultrasonic communication between speakers and microphones.


PIXHELL – Leaking Data via Singing Pixels (2024)

Acoustic exfiltration through noise generated by rapidly shifting bitmap patterns on LCD screens. Works without any audio hardware (speakers, headphones).


SmartAttack – Ultrasonic Air-Gap Attack via Smartwatches (2025)

First attack leveraging smartwatches as receivers for ultrasonic covert communication in air-gapped environments (18-22 kHz). Effective at up to 8 meters with zero bit error rate at 5 bps. Published at IEEE COMPSAC 2025.


AiR-ViBeR – Surface Vibration Exfiltration

Data transmission through mechanical vibrations propagating across solid surfaces.


DiskSpy – Long-Range HDD Vibration Sensing via mmWave (2025)

Modulates hard disk vibrations to encode sensitive data, then uses a COTS mmWave radar to decode from over 20 meters away. Works in NLOS scenarios and with unknown target locations. Published at USENIX Security 2025.


GAIROSCOPE – Gyroscope Injection Attacks

Injecting data into MEMS gyroscopes using acoustic interference.


Resonance-Based Mechanical Covert Channels

Exploitation of structural resonance frequencies for improved vibration-based signaling.


Bone-Conduction Side Channels

Transmission of vibrational signals through the human body to wearables.


Ultrasonic Covert Channels with Deep Learning

Neural decoding of ultrasonic emissions in noisy environments.


Acoustic Side Channel Attack on Keyboards (Deep Learning)

A practical deep learning-based attack that identifies keystrokes by sound with very high accuracy.


Laser Microphone

Audio recovery by measuring laser reflections from vibrating surfaces.


The Laser Eavesdropper (RV Jones Christmas Lectures)

Classic demonstration of laser-based eavesdropping by reflecting a beam off a vibrating surface to reconstruct conversations.


Visual Microphone

Passive recovery of sound from video of vibrating objects.


3. Optical & Visual Channels

LED-it-GO – Hard Drive LED Optical Exfiltration

Data exfiltration by modulating the hard drive activity LED at speeds invisible to the human eye.


ETHERLED – Covert Morse Signals from NIC LEDs

Exfiltration of data by controlling network interface card LEDs to transmit encoded Morse signals.


xLED – Data Exfiltration via Switch and Router LEDs

Controls status LEDs on network switches and routers to transmit covert data at 10 bit/sec to over 1 Kbit/sec per LED.


CTRL-ALT-LED – Exfiltration via Keyboard LEDs

Uses keyboard indicator LEDs (Caps Lock, Num Lock, Scroll Lock) as an optical covert channel.


aIR-Jumper – Bidirectional Covert Channel via Security Camera IR LEDs

Bidirectional air-gap communication using infrared LEDs of surveillance cameras. Exfiltration at 20 bit/sec and infiltration at over 100 bit/sec, reaching hundreds of meters with IR.


BRIGHTNESS – Screen Brightness Covert Channel

Imperceptible modulation of LCD screen brightness to transmit data optically to a nearby camera or light sensor.


VisiSploit – Optical Covert-Channel via LCD Flickering

Very low contrast LCD display flickering, invisible to the human eye, used to exfiltrate data from air-gapped systems.


Extracting Cryptographic Keys via Power LED Videos

Extraction of cryptographic keys by analyzing video recordings of a device's power indicator LED.


Glowworm – Optical TEMPEST via Power LEDs

Recovery of audio signals from power indicator LEDs.


ScreenGlint – Screen Reflection Leakage

Data leakage via microscopic reflections of screen content on nearby objects.


Neural Optical TEMPEST

Reconstruction of degraded optical signals using deep learning.


4. Electromagnetic (EM) Channels

USBee – USB Electromagnetic Emissions

Covert RF transmission via USB data bus electromagnetic leakage.


SATAn – SATA Cable RF Emissions

Radio signal generation via SATA cable electromagnetic radiation at 6 GHz.


LANtenna – Ethernet Cable RF Leakage

Using Ethernet cables as antennas for RF data exfiltration.


AIR-FI – Covert Wi-Fi Signal Generation

Software-only generation of Wi-Fi-compatible signals from DDR SDRAM memory buses without any wireless hardware.


GSMem – Data Exfiltration over GSM Frequencies

Generates EM emissions at cellular frequencies by invoking specific memory-related instructions and utilizing multichannel memory architecture. Received by a rootkit in the baseband firmware of a nearby phone.


AirHopper – Bridging Air-Gap via FM Radio Signals

FM radio emissions generated by the computer's video card, decoded by the FM radio receiver in a nearby mobile phone. Effective at 1-7 meters.


MAGNETO – CPU-Generated Magnetic Fields to Smartphones

Covert channel between air-gapped systems and nearby smartphones via CPU-generated magnetic fields detected by the magnetometer.


RAMBO – Leaking Secrets via Radio Signals from RAM (2024)

Malware manipulates memory bus operations to generate controlled radio signals from RAM. An attacker intercepts with an SDR and antenna at up to 1000 bits/sec. Published at NordSec 2024.


TEMPEST-LoRa – Cross-Technology Covert Communication (2025)

Manipulates EM radiation from VGA/HDMI video cables to generate LoRa-protocol-compatible packets. Received by widely deployed COTS LoRa gateways at up to 87.5m (COTS) or 132m (SDR), penetrating multiple concrete walls. Published at ACM CCS 2025.


AirKeyLogger – Hardwareless Air-Gap Keylogging (2023)

Keylogging attack on air-gapped computers using electromagnetic emanations without any additional hardware implant.


Compromising Electromagnetic Emanations of Wired Keyboards

Recovery of keystrokes via EM side channels from wired keyboard cables.


PCIe Bus Electromagnetic Leakage

High-bandwidth EM emissions from PCIe interconnects.


5. Magnetic Channels

ODINI – Magnetic Field Exfiltration

Low-frequency magnetic signaling capable of bypassing Faraday cages.


6. Power & Infrastructure Channels

PowerHammer – Power Line Exfiltration

Data transmission via fluctuations on electrical power lines.


VRM-Based EM Side Channels

Information leakage via voltage regulator modules.


7. Sensor-Based Channels

BaroBit – Barometer-Based Covert Channel

Data exfiltration using barometric pressure sensors.


Ambient Light Sensor Covert Channels

Light modulation captured by environmental light sensors.


8. Storage & Memory Channels

HDD / SSD-Induced Vibrational Leakage

Data-dependent vibration patterns from storage devices.


Rowhammer-Based Covert Channels

Memory disturbance used for covert communication between isolated domains.


9. Human-Centric & Hybrid Channels

PlaceRaider – Visual Reconstruction Attacks

3D reconstruction of environments using compromised cameras.


Human-in-the-Loop Side Channels

Extraction of information via involuntary human micro-movements.


10. Surveys & Meta-Analysis

Comprehensive Survey of Air-Gapped Covert Channels

Modern classification and comparison of air-gap attack vectors.


Securing Air-Gapped Systems – ISO 27001 Clause Proposal (2025)

Review of covert exfiltration techniques with a new clause proposal for ISO 27001 standardization.


Notes

  • Artificial intelligence significantly increases channel reliability.
  • Air-gapping is a mitigation, not a guarantee.
  • Physical isolation remains the only robust defense.
  • Techniques marked (2024) and (2025) represent the most recent research.

@ricardomaia (Author)

Threat Modeling for Air-Gapped & Side-Channel Attacks

Practical threat assessment mapping air-gap eavesdropping and covert-channel techniques to real-world environments, focusing on feasibility, impact, and operational risk.


1. Industrial Control Systems (ICS / SCADA)

Environment Characteristics

  • Long system lifecycles (10-30 years)
  • Legacy hardware and firmware
  • Predictable workloads
  • High availability requirements
  • Often partially air-gapped, not physically isolated

High-Risk Attack Vectors

Electromagnetic (EM) Channels

  • USBee
  • SATAn
  • LANtenna
  • PCIe EM leakage

Why effective:

  • Long, unshielded cables act as antennas
  • Industrial environments tolerate EM noise
  • Monitoring focuses on network traffic, not emissions

Impact:

  • Stealthy exfiltration of PLC logic
  • Extraction of operational parameters
  • Intellectual property leakage

Power Line-Based Channels

  • PowerHammer
  • VRM-based leakage

Why effective:

  • Shared power infrastructure
  • Limited filtering at industrial scale
  • Difficult to attribute to a specific host

Impact:

  • Low-bandwidth but persistent leakage
  • Ideal for long-term espionage

Acoustic & Vibration Channels

  • Fansmitter
  • POWER-SUPPLaY
  • AiR-ViBeR

Why effective:

  • Constant ambient noise masks signals
  • Machinery already vibrates
  • Low likelihood of acoustic monitoring

Impact:

  • Slow but reliable data leakage
  • Particularly effective overnight or during idle cycles

Defensive Reality Check

  • Logical air-gap != physical isolation
  • EM shielding and power filtering are rarely budgeted
  • Acoustic countermeasures are almost nonexistent

Overall Risk Level: HIGH


2. Military & Intelligence Facilities

Environment Characteristics

  • Formal air-gaps
  • Classified threat models
  • Controlled physical access
  • TEMPEST awareness (sometimes outdated)

High-Risk Attack Vectors

Magnetic Field Channels

  • ODINI

Why effective:

  • Magnetic fields bypass Faraday cages
  • Shielding often focuses on EM, not magnetic flux

Impact:

  • Covert exfiltration from hardened environments
  • Bypasses classical TEMPEST defenses

Optical Channels

  • LED-based leakage
  • Glowworm
  • Neural Optical TEMPEST
  • ScreenGlint

Why effective:

  • Status LEDs often overlooked
  • Visual line-of-sight exists (CCTV, windows, reflections)
  • AI makes weak optical signals exploitable

Impact:

  • Leakage of cryptographic material
  • Reconstruction of user activity
  • Extremely hard to detect passively

Thermal Channels

  • BitWhisper
  • COVID-bit
  • Clock skew via thermal manipulation

Why effective:

  • Thermal emissions are considered benign
  • HVAC systems propagate signals
  • Monitoring focuses on EM/acoustic domains

Impact:

  • Ultra-low bandwidth but very stealthy
  • Suitable for command-and-control signaling

Defensive Reality Check

  • TEMPEST controls often assume 1990s threat models
  • AI-enhanced reconstruction breaks previous safety margins
  • Physical isolation is often incomplete in practice

Overall Risk Level: MEDIUM-HIGH (for targeted adversaries)


3. Hospital & Medical Environments

Environment Characteristics

  • Mixed legacy and modern equipment
  • Strict uptime and safety requirements
  • High device density
  • Limited cybersecurity staffing
  • Focus on compliance, not adversarial threat models

High-Risk Attack Vectors

Acoustic & Ultrasonic Channels

  • MOSQUITO
  • Ultrasonic DL-enhanced attacks
  • Bone-conduction channels

Why effective:

  • Constant alarms and beeps
  • Medical devices often include speakers and microphones
  • Wearables and smartphones present

Impact:

  • Leakage of patient data
  • Exfiltration from diagnostic systems
  • Potential regulatory violations (HIPAA/GDPR/LGPD)

Sensor-Based Channels

  • GAIROSCOPE
  • BaroBit
  • Ambient light sensor channels

Why effective:

  • Proliferation of sensors in medical devices
  • Minimal sensor isolation
  • Third-party apps and maintenance tools

Impact:

  • Data leakage without network access
  • Cross-device covert signaling

Optical Channels

  • Power LEDs
  • Displays in diagnostic equipment
  • Reflections from glossy surfaces

Why effective:

  • Visual accessibility prioritized for clinicians
  • No optical threat monitoring
  • Cameras everywhere (security, phones)

Impact:

  • Leakage of exam data
  • Exposure of internal workflows

Defensive Reality Check

  • Security controls must not interfere with patient safety
  • Air-gapping often incomplete due to maintenance needs
  • Side-channel threats are largely unconsidered

Overall Risk Level: HIGH


4. Comparative Risk Summary

Environment  Primary Risk Vectors        Attacker Profile   Overall Risk
-----------  --------------------------  -----------------  ------------
ICS / SCADA  EM, Power, Acoustic         Nation-state, APT  HIGH
Military     Optical, Magnetic, Thermal  Nation-state       MED-HIGH
Hospital     Acoustic, Sensor, Optical   Criminal / APT     HIGH

5. Key Takeaways

  • Air-gaps reduce attack surface but do not eliminate it
  • Side channels bypass software security entirely
  • AI dramatically lowers the signal-to-noise barrier
  • Most defenses are based on outdated assumptions

Physical isolation is the only robust mitigation -- and is rarely absolute.


6. What Defenders Think vs. Reality

Assumption 1: "Air-gapped means no data can leave"

What defenders think:
Removing network connectivity eliminates exfiltration paths.

Reality:
Air-gaps only remove logical channels.
Physical channels (EM, acoustic, optical, thermal, magnetic) remain fully exploitable.

Consequence:
Security posture is built on a false binary model: networked vs isolated.


Assumption 2: "Low bandwidth attacks are irrelevant"

What defenders think:
If an attack only leaks bits per second, it is not operationally useful.

Reality:

  • Cryptographic keys
  • Credentials
  • Command-and-control signals

All require very little bandwidth.

Consequence:
Low-bandwidth channels are ideal for long-term espionage.


Assumption 3: "Environmental noise makes attacks impractical"

What defenders think:
Noise (EM, acoustic, thermal) masks covert signals.

Reality:

  • Noise is often predictable
  • Machine learning excels at extracting weak signals
  • Industrial and hospital environments normalize noise

Consequence:
Noise increases stealth, not safety.


Assumption 4: "TEMPEST compliance covers these threats"

What defenders think:
TEMPEST standards mitigate EM leakage risks.

Reality:

  • TEMPEST models are often decades old
  • Focus is on EM, not optical, magnetic, or sensor-based channels
  • AI breaks historical attenuation assumptions

Consequence:
Compliance != security.


Assumption 5: "If it were real, we would see it in the wild"

What defenders think:
Lack of public incidents implies low risk.

Reality:

  • Side-channel attacks are designed to be invisible
  • Attribution is extremely difficult
  • Absence of evidence != evidence of absence

Consequence:
Threat modeling lags behind attacker capability.


7. Countermeasures by Environment

7.1 Industrial Control Systems (ICS / SCADA)

Practical Countermeasures

  • Physical cable management
    • Shorter cables
    • Shielded conduits
    • Grounded trays
  • Power line filtering
    • Isolation transformers
    • Dedicated power domains
  • Strict removable media control
    • One-way data diodes
    • Media scanning stations
  • Physical zoning
    • Separate control rooms from plant floors

Illusory Countermeasures

  • "Air-gapped VLANs"
  • Antivirus on HMIs
  • Network IDS without physical monitoring
  • Belief that industrial noise provides protection

7.2 Military & Intelligence Environments

Practical Countermeasures

  • True physical isolation
    • Separate buildings or compartments
  • Optical hardening
    • Disable or mask LEDs
    • No line-of-sight to displays
  • Magnetic field awareness
    • Distance-based separation
    • Shielding beyond Faraday cages
  • Thermal compartmentalization
    • Independent HVAC zones
  • Red-team side-channel testing

Illusory Countermeasures

  • TEMPEST certification as a checkbox
  • Reliance on Faraday cages alone
  • Assuming classified rooms are sensor-free
  • Prohibiting phones without addressing cameras, reflections, or wearables

7.3 Hospital & Medical Environments

Practical Countermeasures

  • Device zoning
    • Separate diagnostic, administrative, and public areas
  • Sensor minimization
    • Disable unnecessary microphones, speakers, sensors
  • Optical hygiene
    • Shield status LEDs
    • Reduce reflective surfaces near displays
  • Controlled maintenance access
    • Temporary connectivity with strict supervision
  • Awareness training
    • Focused on physical leakage, not just phishing

Illusory Countermeasures

  • Compliance-driven security checklists
  • Air-gapping without maintenance threat modeling
  • Assuming safety requirements override security risks
  • Relying on "no attacker would target a hospital" logic

8. Final Reality Check

  • Side-channel attacks bypass software entirely
  • Detection is rare, attribution is harder
  • AI turns theoretical channels into operational ones
  • Most defenses are optimized for auditors, not adversaries

If physical effects exist, they can be weaponized.
If they can be weaponized, they eventually will be.


9. Exfiltration vs Passive Leakage

Does Air-Gapped Exfiltration Require Prior Contamination?

9.1 Definitions

Prior Contamination

A system is considered contaminated if any attacker-influenced logic executes, including:

  • Malware or implants
  • Compromised firmware (BIOS/UEFI, SSD, GPU, NIC, BMC)
  • Malicious updates or signed drivers
  • Insider-installed tooling
  • Payloads embedded in trusted software or data files

A system with no prior contamination behaves exactly as designed.

Exfiltration

True exfiltration must be:

  • Intentional
  • Controllable
  • Repeatable
  • Capable of leaking arbitrary stored data

Anything that does not meet these criteria is not exfiltration.

9.2 Core Conclusion

True air-gapped data exfiltration is not possible without prior contamination of the source system.

What is possible without contamination is passive side-channel leakage.


9.3 Cases That Do NOT Require Prior Contamination (Passive Leakage Only)

The following cases observe unavoidable physical emissions produced during normal operation.
They do not encode data and cannot be used to extract arbitrary information.

9.3.1 Electromagnetic (EM) Emanations

Examples: EM leakage from wired keyboards, classical TEMPEST-style eavesdropping

Why no contamination is needed: Keystrokes naturally modulate EM fields

What can be recovered: Keystrokes, timing information

Hard limitations: Only during active typing. No access to stored data. No persistence.


9.3.2 Optical Leakage

Examples: Power / HDD / network LEDs, screen reflections, visual microphone scenarios

Why no contamination is needed: LEDs and displays expose activity by design

What can be recovered: Activity patterns, limited cryptographic operations during execution

Hard limitations: No encoding control. Highly context-dependent. Line-of-sight required.


9.3.3 Acoustic Leakage from Human Interaction

Examples: Typing sounds, mechanical keyboard clicks, mouse usage

Why no contamination is needed: Sounds are unavoidable byproducts of use

What can be recovered: Keystroke inference, behavioral patterns

Hard limitations: Environmental noise. No bulk data leakage.


9.3.4 Thermal Residue Leakage

Examples: PIN recovery from keyboards, touchscreen thermal imaging

Why no contamination is needed: Heat is a natural physical residue

What can be recovered: Recent inputs only

Hard limitations: Short time window. No persistence. No stored data access.


9.3.5 Human-Mediated Leakage

Examples: Shoulder surfing, CCTV observation, reflections on glasses or glossy surfaces

Why no contamination is needed: Information is voluntarily displayed to humans

Hard limitations: No automation. No scalability. No long-term channel.


9.4 Important Non-Cases (Often Misclassified)

Sensor Injection Attacks

Examples: Gyroscope injection, microphone injection

Clarification: These attacks inject signals into the system. They do not extract data from the system.

-> Not exfiltration.


"AI Enables Exfiltration Without Contamination"

False.

AI improves: signal reconstruction, noise filtering, decoding accuracy.

AI does not: select data, encode bits, control timing.

-> Encoding still requires code execution.


9.5 Why Exfiltration Fundamentally Requires Contamination

To exfiltrate arbitrary data, an attacker must:

Requirement               Requires code execution
------------------------  -----------------------
Data selection            Yes
Bit encoding              Yes
Signal modulation         Yes
Timing & synchronization  Yes
Error correction          Yes
Persistence               Yes

No passive physical phenomenon provides these capabilities.
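The timing and modulation requirements in this table are also the transmitter's weak point from a defender's view: the covert code has to impose its own symbol clock on a physical quantity the host itself can observe. Added example, not code from the gist: a host-telemetry check in Python that flags a fan-RPM trace whose level switches fall on one regular symbol grid, the shape an OOK-style channel such as Fansmitter produces; the three traces are constructed, and the two thresholds are assumptions to baseline per environment.

```python
# Host-telemetry check: does a physical actuator switch on a regular symbol grid?
# Added example for this gist's taxonomy; the traces below are constructed
# fan-RPM telemetry at one sample per second, not real captures.

MIN_TRANSITIONS = 6          # assumption: fewer switches is too little evidence
GRID_SCORE_THRESHOLD = 0.8   # assumption: share of transitions that must fit one grid

# Constructed: two fan levels (~2400 / ~1800 RPM) held for multiples of a
# 4-sample symbol, as a Fansmitter-style transmitter would drive the fan.
COVERT_TRACE = [
    2403, 2398, 2406, 2401, 1802, 1797, 1804, 1799, 2397, 2405, 2402, 2399,
    1806, 1801, 1795, 1803, 2404, 2396, 2401, 2407, 2398, 2403, 2400, 2395,
    1798, 1804, 1800, 1806, 1797, 1802, 1805, 1799, 2402, 2398, 2405, 2400,
    2396, 2403, 2407, 2399, 2401, 2404, 2397, 2402, 1803, 1796, 1801, 1805,
]
# Constructed: idle, a compile job ramping the fan up, busy with dips, ramp down.
BENIGN_BUILD = [
    1200, 1210, 1195, 1205, 1200, 1215, 1300, 1450, 1600, 1750, 1900, 2050,
    2200, 2350, 2500, 2600, 2580, 2620, 2300, 2610, 2590, 2100, 2150, 2620,
    2600, 2580, 2610, 2590, 2400, 2620, 2600, 2450, 2300, 2150, 2000, 1850,
    1700, 1550, 1400, 1250, 1210, 1200, 1205, 1195, 1210, 1200, 1215, 1205,
]
# Constructed: thermal cycling between two levels with irregular dwell times.
BENIGN_CYCLING = [
    1502, 1497, 1505, 1499, 1503, 2498, 2504, 2501, 1496, 1503, 1500, 1507,
    1498, 1502, 1495, 2503, 2497, 1501, 1498, 1504, 1500, 1497, 1506, 1502,
    1499, 1503, 2502, 2496, 2505, 2499, 1504, 1497, 1501, 1498, 1503, 1500,
    2497, 2503, 2500, 1499, 1505, 1502, 1496, 1501, 2504, 2498, 2501, 2503,
]


def binarize(samples):
    """Map samples to 0/1 around the midpoint of the observed range."""
    threshold = (min(samples) + max(samples)) / 2
    return [1 if s > threshold else 0 for s in samples]


def transition_times(bits):
    """Sample indices at which the binarized level changes."""
    return [i for i in range(1, len(bits)) if bits[i] != bits[i - 1]]


def longest_dwell(bits):
    """Longest run of one level; no symbol grid can be coarser than this."""
    longest = run = 1
    for i in range(1, len(bits)):
        run = run + 1 if bits[i] == bits[i - 1] else 1
        longest = max(longest, run)
    return longest


def grid_score(times, period):
    """Largest share of transitions that share one phase modulo `period`."""
    phases = {}
    for t in times:
        phases[t % period] = phases.get(t % period, 0) + 1
    return max(phases.values()) / len(times)


def analyze(samples):
    """Return transition count, best-fitting symbol period, grid score and verdict."""
    bits = binarize(samples)
    times = transition_times(bits)
    result = {"transitions": len(times), "symbol_period": None,
              "score": 0.0, "flagged": False}
    if len(times) < MIN_TRANSITIONS:
        return result
    best_period, best_score = None, 0.0
    # Periods start at 2 samples (at least two samples per symbol); on a tie the
    # larger period wins, because divisors of the true period fit the grid too.
    for period in range(2, longest_dwell(bits) + 1):
        score = grid_score(times, period)
        if score >= best_score:
            best_period, best_score = period, score
    result["score"] = best_score
    if best_score >= GRID_SCORE_THRESHOLD:
        result["symbol_period"] = best_period
        result["flagged"] = True
    return result


if __name__ == "__main__":
    for name, trace in [("covert", COVERT_TRACE), ("build", BENIGN_BUILD), ("cycling", BENIGN_CYCLING)]:
        print(name, analyze(trace))
```

Periodic benign behaviour (a fixed-duty fan controller, a scheduled job) also lands on a grid, so the verdict is a triage signal to compare against known workloads rather than proof of a channel.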


9.6 Taxonomy Summary

Scenario                     Prior contamination required  True exfiltration
---------------------------  ----------------------------  -----------------
EM keyboard leakage          No                            No
LED activity leakage         No                            No
Typing acoustics             No                            No
Thermal residue              No                            No
Screen reflections           No                            No
Human observation            No                            No
Any covert physical channel  Yes                           Yes

9.7 Correct Threat-Model Statement

Without prior contamination, air-gapped systems may leak incidental information through passive side channels, but they cannot perform controlled data exfiltration.


9.8 Integrated Takeaways

  • Air-gaps eliminate logical channels, not physical ones
  • No contamination -> only passive leakage
  • Passive leakage != exfiltration
  • All real air-gap exfiltration requires prior compromise
  • Initial contamination is the hardest and most decisive phase
  • Exfiltration channels constrain bandwidth, not secrecy

Air-gapping mitigates risk -- it does not provide absolute isolation.


10. Alignment with NIST SP 800-53 and MITRE ATT&CK for ICS

10.1 NIST SP 800-53 Perspective: What Air-Gaps Actually Control

Under NIST SP 800-53, air-gapping primarily supports controls related to information flow restriction, not absolute data protection.

Relevant Control Families

AC - Access Control

  • AC-4 (Information Flow Enforcement)
  • AC-19 (Access Control for Mobile Devices)

Air-gapping enforces logical information flow restrictions.
It does not prevent physical or side-channel information flows.


IA - Identification and Authentication

  • IA controls assume observable channels exist
  • Side channels bypass authentication entirely

Authentication controls are out of scope for side-channel exfiltration.


SC - System and Communications Protection

  • SC-7 (Boundary Protection)
  • SC-16 (Transmission of Security Attributes)
  • SC-40 (Wireless Link Protection)

SC controls largely assume network-mediated communication and explicit transmission channels.
Side-channel exfiltration operates outside the threat model assumed by SC controls.


PE - Physical and Environmental Protection

  • PE-18 (Location of System Components)
  • PE-19 (Information Leakage)
  • PE-20 (Asset Monitoring)

Most organizations implement PE controls for theft, tampering, and unauthorized access.
They rarely implement PE controls for EM emissions, optical leakage, or acoustic/thermal channels.


NIST-Compliant Statement

Air-gapping supports AC and SC controls related to logical information flow, but does not, by itself, satisfy PE-19 (Information Leakage) requirements against physical side channels.


10.2 NIST View on Prior Contamination

From a NIST standpoint, prior contamination maps to failures in multiple control families:

Contamination Vector     NIST Control Families Implicated
-----------------------  --------------------------------
Supply chain compromise  SR, SA
Firmware implants        SI, CM
Malicious updates        SA, SI
Insider actions          PS, IA
Maintenance channels     MA

Air-gaps do not mitigate failures in SR (Supply Chain Risk Management) or MA (Maintenance).


10.3 MITRE ATT&CK for ICS: Where Exfiltration Fits -- and Where It Doesn't

MITRE ATT&CK for ICS is explicitly scoped to observable adversary behaviors, logical and operational attack paths, and networked/host-based activity.

Relevant Tactics

Collection: ATT&CK focuses on logical data collection. Side-channel leakage during use is out of scope.

Exfiltration: Techniques assume network protocols, removable media, or logical channels.
Physical side-channel exfiltration is largely outside the current ATT&CK for ICS taxonomy.

Why This Matters

  • ATT&CK coverage gaps != attacker capability gaps
  • Side-channel exfiltration can occur without triggering any ATT&CK technique
  • Detection tooling aligned strictly to ATT&CK will miss these attacks entirely

10.4 Correctly Positioning Side Channels in ATT&CK-Based Threat Models

To remain ATT&CK-consistent, side-channel attacks should be modeled as:

  • Pre-ATT&CK conditions (environmental weaknesses)
  • Out-of-band exfiltration paths
  • Physical-layer exploitation beyond ATT&CK scope

Recommended Language

"The adversary leverages out-of-band physical side channels not currently enumerated within the MITRE ATT&CK for ICS framework, bypassing logical detection and control mechanisms."


10.5 Mapping Prior Contamination to ATT&CK for ICS

Phase                      ATT&CK Mapping
-------------------------  --------------------------------
Supply chain implant       Initial Access (Pre-Operational)
Maintenance channel abuse  Initial Access
Insider-assisted logic     Privilege Escalation
Firmware persistence       Persistence
Side-channel exfiltration  Outside ATT&CK scope

ATT&CK models how access is obtained, not how physics is abused.


10.6 NIST and ATT&CK

  • Air-gapping primarily enforces logical separation
  • Physical side channels fall under PE-19 (Information Leakage), not SC controls
  • True exfiltration requires prior compromise, mapping to failures in SR, SA, MA, or PS
  • Passive leakage without contamination exists, but is not exfiltration
  • MITRE ATT&CK for ICS does not fully model physical-layer exfiltration

Air-gapped architectures reduce exposure to network-based threats but do not, by themselves, prevent information leakage via physical side channels. Controlled data exfiltration via such channels requires prior system compromise, which falls outside the mitigations provided by air-gap controls alone.
