The conventional wisdom of computer security holds that the most sensitive data should live exclusively in “air-gapped” systems without a network connection. Still, no security protocol is completely foolproof. We’ve seen a few methods of extracting data from air-gapped systems, and the latest is particularly insidious. Researchers from Ben Gurion University have devised a way to leak data from a computer via changes in display brightness.
Similar to some past methods of data extraction, the system demonstrated by Ben Gurion University requires some planning. It’s not (thankfully) a vulnerability in any software or hardware that someone can exploit to steal data. Instead, an attacker would need access to the computer to install a piece of malware. They could also use social engineering to get someone who has legitimate access to an air-gapped system to load malware.
The exploit developed by the team takes the data from the secure system and encodes it as binary. To exfiltrate the data, you need a camera near the system that can see the screen. By making subtle changes in the monitor’s RGB color values, the malware sends the 1s and 0s visually. The changes can also flip on and off as fast as the monitor refreshes. Someone sitting at the computer won’t notice anything amiss, but their actions could slowly trickle out on a video feed. Even looking at static screen images of “0” and “1” signals would not tip anyone off.
You can see the technique at work in the video above. The variations in the “filtered” side are almost imperceptible, so no one has any hope of spotting them unaided. The complicated setup is a drawback of this attack, and you’re also not going to get a lot of data. Under ideal conditions, the Ben Gurion University team was able to extract 5 bits per second from the air-gapped machine. That’s about 60 times slower than an old-fashioned Bell 300 baud dial-up modem from the 1970s. This is enough to grab text from the system, but that’s it.
This is not something you need to worry much about — there are much easier ways to steal data from devices that connect to the internet. This approach also requires a lot of setup and planning just to steal a few bits of data. Still, it’s just one more thing for people in highly secure facilities to worry about.
- Hard drive sounds used to steal data from air-gapped computers
- Researchers Steal Data From Air-Gapped Computer Over Power Lines
- Computer coughs up passwords, encryption keys through its cooling fans