Jump to main content

Hacking the Air Gap: Stealing Data from a Computer that isn't Connected to the Internet

214 reviews


You might think that one sure-fire way to keep your computer safe from hackers is to disconnect it from the internet entirely. But did you know that even without internet, a computer can transmit data using light, sound, vibrations, or even heat? In this project, you will investigate how a spy or hacker can steal data from an "air-gapped" computer that has no internet connection. You can even use a smartphone equipped with a sensor app to demonstrate how the data can be picked up by a nearby smartphone.


Areas of Science
Time Required
Average (6-10 days)
Material Availability
Desktop or laptop computer required. See materials list for details.
Very Low (under $20)
Some methods proposed in this project can cause your computer to overheat if you are not careful. This may damage your computer. See the procedure for details.
Ben Finio, PhD, Science Buddies


Investigate how an air-gapped computer can transmit data using physical quantities like light, sound, vibration, or heat, even without an internet connection.


If you read the news, you have probably read about data being hacked or stolen from computers or phones. The hacks can range from revealing embarrassing personal details to credit card numbers or contact information, and can happen to single individuals or entire companies. There are some practices you can follow to keep your data safe online, like using strong passwords, avoiding clicking on suspicious links or downloading email attachments from people you do not know, and keeping the security software on your computer up to date. But what can you do to make sure your data is completely, 100% safe? What if you disconnect your computer from the internet entirely, by physically unplugging the ethernet cable or turning off Wi-Fi? Could that prevent anyone else from accessing your data?

That might seem like an extreme measure for an average internet user. After all, most of what you use your computer for probably involves the internet. If you are not online, then you cannot play games with friends, watch movies, or use social media. But sometimes, companies and governments have extremely sensitive information (like classified military documents) or computers that control very important equipment (like a nuclear power plant). They do not want to risk those computers being hacked, so the computers are air-gapped—they are not physically connected to the rest of the internet (Figure 1). Normally, computers are connected to the internet through a router or modem via either a hardwired or wireless connection. Those routers/modems are connected to servers, which are connected to other servers...indirectly connecting millions of computers all around the world. An air-gapped computer is physically separated with no hardwired or wireless connection to the rest of the internet. It may still be part of an air-gapped network, and connected to other computers on a private network, but not the rest of the internet.

Diagram of a computer separated from a network
Figure 1. Diagram of an air-gapped computer.

So, what if you are a hacker or a government spy and you want to install malware (malicious computer software) on an air-gapped computer? How could you do it? One method involves using social engineering to trick people into inserting removable media (like a CD or USB flash drive) into the computer. This is a way to physically transport data to the computer without an internet connection, and was used to spread the Stuxnet virus in Iran (see Wired.com article in bibliography). That might be a good way to get data on to a computer, but how do you get data off the computer? What if you cannot get the USB flash drive back?

Computers send information using binary code, a series of ones and zeroes (also called on/off, high/low, or true/false). Normally, whenever you download a song, view a website, or send an email, these ones and zeroes are sent as electronic signals through a wire like an ethernet cable, or as electromagnetic waves through a connection like Wi-Fi or Bluetooth. An air-gapped computer physically lacks the means to send signals over a wired or wireless connection. However, even without an internet connection, computers still transmit signals into the world around them. They make noise, they blink lights, they vibrate, and they get hot. Light, sound, vibration, and heat are all physical quantities that we can use to send information. For example, imagine clicking a flashlight on and off to send binary code—"on" for 1, and "off" for 0. We can observe these physical quantities with our own senses like sight, sound, and touch; and we can also measure them with electronic sensors. For example:

Many of these sensors are built into a device that most of us carry around every day—a smartphone! What if an office building has some air-gapped computers with sensitive information on them, but employees are allowed to have their personal phones in the building? If the computer can transmit a binary signal using some physical quantity that can be measured with a sensor, then the phone could record the signal. This can happen even though the phone and computer are not connected to each other through the internet. If the air-gapped computer has malware installed on it (for example, using a USB flash drive like with the Stuxnet virus, or by a disgruntled employee), it could be forced to broadcast sensitive information like secret files or passwords.

The bibliography contains a very extensive list of references that show how computers without an internet connection can transmit a signal, using a variety of physical methods and sensors (including some that were not mentioned in this introduction). In this project, you will investigate one (or more) of these methods to determine how you can send a signal from an air-gapped computer to a nearby sensor with the help of a sensor app. You will not need to write your own malware to do this—as a proof of concept, you can use controls that are built-in to your computer or operating system (for example, to change the screen brightness). You will attempt to answer questions like "What is the range of the signal?" and "Will a human using the computer notice the signal?" The exact method you pick and procedure you follow will be up to you, but the materials and procedure sections contain plenty of tips to get you started.

Terms and Concepts



This list provides links to many articles and publications about how data can be sent from air-gapped computers using a variety of physical methods, including some that were not discussed in the introduction. You do not need to read all of them—choose one or more specific topics that interest you to read about in more depth. Some of the links are to academic publications. It is OK if you do not understand all of the technical details in the publications. You should at least have an understanding of what physical quantity is being controlled and how it is being measured (for example, changing fan speed to change how loud the computer is, and using a microphone on a nearby smartphone to measure the noise).

Materials and Equipment

The materials (and software) you need for this project will depend on what physical quantity you want to measure and how you will record it. Here are some suggestions:

Disclaimer: Science Buddies participates in affiliate programs with Home Science Tools, Amazon.com, Carolina Biological, and Jameco Electronics. Proceeds from the affiliate programs help support Science Buddies, a 501(c)(3) public charity, and keep our resources free for everyone. Our top priority is student learning. If you have any comments (positive or negative) related to purchases you've made for science projects from recommendations on our site, please let us know. Write to us at scibuddy@sciencebuddies.org.

Experimental Procedure

Cybersecurity Project Warning

Cybersecurity projects can be fun, but they can also get you in trouble if you are not careful. Make sure you follow these rules when doing a cybersecurity project:

  • Do not attack any individual, computer, system, or network without consent from the individual (or person who owns the computer). For example, do not try to guess someone's email password and log into their account unless you get their permission first, or try to hack into a website without permission from the owner of the website.
  • Even if you have consent to perform an attack, the attack should be for learning purposes only, and you should help the individual or organization fix any problems you find (this is known as "white hat" hacking). For example, if you are able to guess someone's password, you should tell them they need to pick a stronger password (and help them learn how). Do not read their emails, change any of their account settings, look at private information or files like pictures, or tell anyone else their password.
  • If your project involves human subjects, even if you have their consent, you may still need approval from your science fair or an Institutional Review Board (similar to the rules for psychology or medical experiments). See this page for more information.
  • Do not pretend to be a different person, company, or other organization online. This includes pretending to be someone else on a social media site, setting up fake websites designed to look like real websites from reputable companies, or sending "phishing" or other emails designed to look like they were sent by someone else. (A controlled experiment where only study participants have access to examples of such websites or emails would be OK.)
  • Do not use data that was illegally obtained (for example, contact information stolen from a company's employee database), even if it was stolen by someone else and already posted online.
  • Do not publicly post sensitive personal information, even if it was obtained with consent. For example, if your project involves accessing people's contact information (legally), do not post someone's name and address in the "Results" section of your science fair display board. You should destroy any such information (by shredding paper or deleting files) when you are done with your project.
  • Do not install or run any malicious software (viruses, malware, spyware, trojans, etc.) on a computer that is connected to the internet. The software could easily spread to other computers and get out of your control.

If you have any doubts or questions about your project, check with your teacher or science fair administrator before you start.

Note: You can use a smartphone equipped with a sensor app such as phyphox for many of the options in this project.

Note: Phyphox does not support the light sensor on iOS devices. If you need the light sensor, you have to use Android devices for your experiment. Note that on some devices the light sensor is only updated when there is a coarse change of illuminance. This means that if the light intensity does not change or only changes slightly, the sensor appears to not record any data. The recording will continue once the light intensity changes again. If your experiments allows, it helps to wiggle the phone or the light source (e.g. flashlight) slightly to induce minimal reading fluctuations and keep the sensor active.
If you use the phyphox app to measure the amplitude of sounds, you will need to calibrate the sensor first to get correct decibel readings on your device. The sensor has to be recalibrated between individual recordings. Instructions on how to do the phyphox sound sensor calibration are provided in the video below.
  1. Choose a physical quantity that you want to use to send a signal from your computer. Review the information in the background section and bibliography to help you decide.
  2. Find out how you will control that physical quantity on your computer. How you do this will depend on your computer and operating system. The controls could be built in to your computer's hardware (like buttons on the monitor to control the brightness) or operating system (like an icon in the taskbar to control the volume). Some quantities might require third-party software (like a program to control fan speed) or websites (like a site to play audio tones at different frequencies). If you cannot figure out how to control a certain quantity on your computer, search for help documentation online, for example "windows 10 control screen brightness." Some suggestions are provided in Table 1.
  3. Decide how you will measure the physical quantity. Refer to the materials section and Table 1 for a list of suggested sensors, several of which are already built in to your phone.

Warning: be extremely careful if you choose a method that could cause your computer to overheat, like running a stress test or manually controlling the cooling fans. These methods could cause permanent damage to your computer if it gets too hot.

Quantity How to change it How to control it How to measure it
Light Blinking LEDs Read or write large files to hard drive Video camera
Screen brightness Buttons on monitor, keyboard, or operating system taskbar Phone equipped with a sensor app (light sensor) or lux meter
Ultrasonic sound Speakers Website like onlinetonegenerator.com Phone equipped with a sensor app (microphone or audio amplitude sensor) or decibel meter
Audible sound Fan speed Third-party program like SpeedFan Phone equipped with a sensor app (microphone or audio amplitude sensor) or decibel meter
Vibration Keyboard/mouse Typing/clicking Phone equipped with a sensor app (accelerometer)
Temperature CPU or graphics card Stress-test program like Prime95 or FurMark Infrared thermometer
Electrical power Monitor, CPU, graphics card Screen brightness; stress-test program like Prime95 or FurMark Electricity usage meter
Table 1. Some examples of physical quantities, how you can control them, and how you can measure them. This list is not exhaustive and the third-party programs like SpeedFan, Prime95, and FurMark are just suggestions. You may need to look up other programs that work for your computer and operating system.
  1. Find out if you can send a binary signal from the computer to your sensor by changing the physical quantity you have selected. For example, if you change a computer's fan speed between 50% and 100% (do not set the fan speed to 0%, your computer will overheat!), can you detect the change while recording data with the microphone in your sensor app (audio amplitude function in phyphox)? If so, then you can send binary data, for example "1001" by setting the fan speed to either 100% (for 1) or 50% (for 0) in 1-second intervals?
  2. Determine the range of your signal. How far away can the sensor be? Does it require direct line-of-sight to the computer? Can it be in a different room? For example, if you are using a camera to watch an LED blink on the computer, how far away can the camera be before you can no longer see the LED?
  3. Examine how vulnerable your signal is to noise and interference. For example, if you are using an accelerometer to detect keyboard vibrations, what happens when people walk around the room or slam a desk drawer? If you are using a microphone to measure sound, what happens when people in the room talk?
  4. Figure out the bit rate of your signal, or how fast it can transmit data. How many 1's and 0's can you send per second, per minute, or per hour? For example, if you are running a CPU stress test to heat your computer up, how long does it take to notice a measurable increase in temperature of the computer's case with an infrared thermometer? How long does it take for the computer to cool back down?
  5. Investigate whether your signal would be detectable by a person using the computer or in the room. For example, fluctuating the monitor brightness between 0 and 100 might be very obvious to someone sitting right in front of it, but they might not notice if you change the brightness from 80 to 85. Can you send a signal that is below the threshold of human perception, but still detectable by the electronic sensor you are using?
  6. In order to defend against cyberattacks, you have to think like a hacker. You have just worked through how you can send a binary signal from an air-gapped computer to a nearby sensor. While you controlled the signal manually, in the real world, malware could use the signal to transmit sensitive information like passwords or classified documents. Now think on the defensive side. How could you prevent that signal from being sent or received? Imagine you are in charge of cybersecurity for a company that has sensitive information stored on air-gapped computers in an office building. What policies and procedures would you put in place to protect your air-gapped computers from cyberattacks? Is it sufficient just to bar employees from bringing their phones into the room? What if some signals can be sent through walls, or the computers are in rooms with windows? If you think dealing with these challenges sounds fun, then you might want to consider a career in cybersecurity. See the careers section to learn more.
icon scientific method

Ask an Expert

Do you have specific questions about your science project? Our team of volunteer scientists can help. Our Experts won't do the work for you, but they will make suggestions, offer guidance, and help you troubleshoot.

Global Connections

The United Nations Sustainable Development Goals (UNSDGs) are a blueprint to achieve a better and more sustainable future for all.
This project explores topics key to Industry, Innovation and Infrastructure: Build resilient infrastructure, promote sustainable industrialization and foster innovation.


  • Choose multiple methods from the background section and compare them using the questions described in the procedure. What method has the greatest range? Which one has the fastest bit rate? Which one is least likely to be noticed by humans using the computer? Based on the answers to all your questions, if you were a hacker who wanted to steal data from an air-gapped computer, which method would you choose? If you were in charge of cybersecurity for a company or government, which method would you consider the biggest threat? How would you defend against multiple possible threats?
  • In this project, you used built-in controls or third-party programs to manually control physical quantities on your computer like screen brightness or fan speed. Can you write a program in a language of your choice (Python, C++, etc.) that controls the quantity instead, and use it to transmit a binary signal? Does using software to do this allow you to transmit data faster or make the signal harder for a human to notice, for example by flickering the monitor or an LED faster than human vision can detect?
  • Do this project with a friend. Have one person be the attacker and one person be the defender. The hacker should devise a way to transmit a binary signal from the computer automatically (for example, write a program to emit ultrasonic beeps that a human cannot hear). Keep this method hidden from the defender. The defender should try to discover how data is being transmitted and figure out how to prevent it. You can take turns being the attacker and defender, or use two different computers and work at the same time.


If you like this project, you might enjoy exploring these related careers:

Career Profile
Have you ever seen a story on the news about how a company or government agency was "hacked" and people's personal information, like names, addresses, or credit card numbers, was stolen? It is an information security analyst's job to prevent that from happening. Organizations hire information security analysts to analyze possible threats against their computer systems, which can range from malicious hackers trying to steal data to careless employees who accidentally forget to log out of a… Read more
Career Profile
Mathematicians are part of an ancient tradition of searching for patterns, conjecturing, and figuring out truths based on rigorous deduction. Some mathematicians focus on purely theoretical problems, with no obvious or immediate applications, except to advance our understanding of mathematics, while others focus on applied mathematics, where they try to solve problems in economics, business, science, physics, or engineering. Read more
Career Profile
In movies and in the media, computer hackers are often portrayed as the bad guys—criminals who steal money or important information. What if you could be a good hacker? Somebody whose job is to find security flaws in computer systems; but rather than exploiting them for personal gain, you help fix the problems before criminals can find them? That is what ethical hackers—also called "white hat" hackers—do. Companies pay them to intentionally try to break into their systems to… Read more
Career Profile
Security incident responders, also called intrusion analysts or incident response engineers, are like the "firefighters" of the cyber world. Companies can take steps to safeguard their computer networks and systems, but sometimes prevention is not enough and cyber attacks still happen. Sensitive data like customer credit card information can be stolen, entire websites could be brought down or altered, or personal contact information can be leaked. When this happens, incident responders must act… Read more

News Feed on This Topic

, ,

Cite This Page

General citation information is provided here. Be sure to check the formatting, including capitalization, for the method you are using and update your citation, as needed.

MLA Style

Finio, Ben. "Hacking the Air Gap: Stealing Data from a Computer that isn't Connected to the Internet." Science Buddies, 27 Apr. 2021, https://www.sciencebuddies.org/science-fair-projects/project-ideas/Cyber_p006/cybersecurity/air-gap-computer-hacking. Accessed 27 Feb. 2024.

APA Style

Finio, B. (2021, April 27). Hacking the Air Gap: Stealing Data from a Computer that isn't Connected to the Internet. Retrieved from https://www.sciencebuddies.org/science-fair-projects/project-ideas/Cyber_p006/cybersecurity/air-gap-computer-hacking

Last edit date: 2021-04-27
Free science fair projects.