- Israeli researchers have demonstrated a method to exfiltrate data from air-gapped systems
- Using an optical covert channel dubbed BRIGHTNESS, malware can leak stolen data
- The malware modulates the brightness of the LCD screen (a tiny shift in the RGB components) according to the bits to be exported
- A compromised security camera records the screen, and the attackers reconstruct the data bit by bit from the footage
- A polarized film over the screen can mitigate the attack
Every once in a while, we are amazed by our own capabilities to surpass the seemingly impossible.
In recent news, it has been discovered that it is possible to steal and exfiltrate data from air-gapped computers by tweaking their screen brightness.
What! Yes, a minor shift in the RGB values of an LCD screen can leak stolen information, slowly but surely.
Read on to see how it works.
The process of exfiltrating data using screen brightness:
Air-gapped computers are machines that are not connected to the internet or to any local network, so that sensitive data stays isolated.
This isolation is used where highly classified information is stored, which means that any data transfer in or out has to happen through physical media such as USB drives.
Air-gapped systems are typically found in government and critical sectors such as nuclear energy, aviation, the military and even stock exchanges.
Getting malware onto such a system (for example via removable media) has been done before; the painstaking part for an attacker is getting the stolen data back out.
Academic researchers have demonstrated various ways to exfiltrate data from these isolated computers, including acoustic signals, electromagnetic emissions, fan noise, heat, infrared light and even power lines.
This new revelation is an addition to that list and is called the BRIGHTNESS attack.
Mordechai Guri, Dima Bykhovsky and Yuval Elovici from the Ben-Gurion University of the Negev, Israel, have published a paper demonstrating how an optical covert channel is used to export data, one bit at a time, through an LCD screen without raising a flicker of suspicion in the user.
See the video below and notice the slight changes in the screen on the left side.
How is the data exported to the attackers?
Through security cameras. Once the malware has collected the confidential data and started modulating the screen brightness, a security camera that can see the screen records the feed, and the attackers decode the data from the faint flicker in the recording.
A camera with a clear view of the screen picks up the slight RGB modulation that the human eye misses; the recording is then processed to recover the screen's Morse-code-like signal. Source: arxiv.org
The visual change is so small that it cannot be perceived by the naked eye, so a user sitting in front of the screen is unlikely to notice anything once the transmission has begun.
The screen transmits a pattern of 0s and 1s, which the attackers later reassemble into meaningful data.
Note that the attacker must also control the camera that records the screen (or have access to its footage) to make this work: the screen alone leaks nothing to anyone who cannot see it.
The R component of RGB is shifted slightly to signal 0s and 1s. Source: arxiv.org
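To make the channel concrete, here is a small end-to-end simulation of a BRIGHTNESS-style transmitter and receiver. This is an added example written for this article, not code from the paper or its authors. The base red level, the per-bit shift of 3/255, six camera frames per bit (5 bits/s at 30 fps), on-off keying, the sync preamble and the Gaussian camera noise are all assumptions chosen for illustration; the real values and signal processing in the paper differ. What it shows is why a shift far too small to see is still easy for a camera to decode, and how camera noise, not the screen, is what caps the bit rate.

```python
"""Simulation of a BRIGHTNESS-style optical covert channel.

Added example, not code from the paper. Every parameter below is an
assumption for the simulation, not a value taken from the research.
"""
from __future__ import annotations

import random
import statistics

BASE_RED = 200          # nominal red component of the displayed colour (0..255), assumed
DELTA = 3               # red shift that encodes a 1; assumed to be below the visual threshold
FRAMES_PER_BIT = 6      # camera frames per bit: at 30 fps this is 5 bits/s, assumed
PREAMBLE = [1, 0, 1, 0, 1, 0, 1, 1]   # known sync pattern sent before the payload, assumed


def bytes_to_bits(data: bytes) -> list[int]:
    """MSB-first bit list of the payload."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bits_to_bytes(bits: list[int]) -> bytes:
    """Inverse of bytes_to_bits; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def modulate(payload: bytes) -> list[int]:
    """Transmitter (the malware): the red level the screen shows on each frame.
    On-off keying: a 1 raises the red component by DELTA, a 0 leaves it alone."""
    levels = []
    for bit in PREAMBLE + bytes_to_bits(payload):
        levels.extend([BASE_RED + DELTA * bit] * FRAMES_PER_BIT)
    return levels


def capture(levels: list[int], noise_sigma: float, rng: random.Random) -> list[float]:
    """The camera: average red level of the screen region per frame, plus Gaussian
    sensor noise. Frame alignment with the transmitter is assumed for simplicity."""
    return [level + rng.gauss(0.0, noise_sigma) for level in levels]


def demodulate(samples: list[float]) -> bytes | None:
    """Receiver (the attacker, offline on the footage): average each bit's frames,
    calibrate the 0/1 levels from the known preamble, threshold at the midpoint."""
    n_bits = len(samples) // FRAMES_PER_BIT
    if n_bits < len(PREAMBLE):
        return None
    means = [statistics.fmean(samples[i * FRAMES_PER_BIT:(i + 1) * FRAMES_PER_BIT])
             for i in range(n_bits)]
    pre = means[:len(PREAMBLE)]
    level0 = statistics.fmean([m for m, b in zip(pre, PREAMBLE) if b == 0])
    level1 = statistics.fmean([m for m, b in zip(pre, PREAMBLE) if b == 1])
    threshold = (level0 + level1) / 2
    bits = [1 if m > threshold else 0 for m in means]
    if bits[:len(PREAMBLE)] != PREAMBLE:
        return None            # sync failed: noise swamped the modulation
    return bits_to_bytes(bits[len(PREAMBLE):])


def bit_error_rate(sent: bytes, received: bytes | None) -> float:
    """Fraction of payload bits decoded wrongly; a failed sync counts as total loss."""
    if received is None:
        return 1.0
    a, b = bytes_to_bits(sent), bytes_to_bits(received)
    return sum(x != y for x, y in zip(a, b)) / len(a)


def run_channel(payload: bytes, noise_sigma: float, seed: int = 1) -> bytes | None:
    """End to end: modulate on the screen, capture with a noisy camera, demodulate."""
    rng = random.Random(seed)
    return demodulate(capture(modulate(payload), noise_sigma, rng))


if __name__ == "__main__":
    secret = b"AES-KEY:0123456789abcdef"   # constructed sample payload
    for sigma in (0.5, 2.0, 5.0):
        got = run_channel(secret, sigma)
        print(f"camera noise sigma={sigma}: BER={bit_error_rate(secret, got):.3f} got={got!r}")
```

With low camera noise the payload comes back intact; once the per-frame noise exceeds the 3/255 shift the preamble no longer syncs and the bits are garbage. Averaging more frames per bit buys back margin at the cost of bit rate, which is the trade-off behind the few-bits-per-second figures in this kind of channel.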
How bad is it and what can you do?
Even though this kind of exfiltration resembles a leaking roof dripping one drop of water at a time, the attack can still do serious damage to an organisation.
Stealing large files is not practical, since the maximum exfiltration speed is around 5-10 bits/second, but small secrets such as encryption keys or passwords are well within reach: a 256-bit key takes under a minute at that rate.
To protect against such attacks, the researchers suggest installing a polarized film over the screen, which darkens the display for cameras viewing it from a distance or at an angle without hampering the user's own view.
Other measures include keeping cameras out of the line of sight of sensitive screens and restricting access to computers that hold highly sensitive data.
Do you remember the news where researchers had discovered that the infrared technology of smart bulbs could be used to exfiltrate a user’s private information?
What do you think about this news? Speak your thoughts in the comments section below.
Share this article with friends and family, especially if they work in the government sector and deal with highly confidential air-gapped systems.
Stay tuned, stay safe.