Researchers Find Novel Method to Exfiltrate Sensitive Data from Computer Screens

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

Exfiltrating sensitive data from computers isn’t only taking place on the software, firmware, or even hardware level. Researchers have long been fascinated by the potential to transform seemingly useless streams of data into sensitive information revelators, using their own specially crafted “Rosetta stone”. Physical elements like power fluctuations, ultrasonic waves, radio frequencies, or even the heat that is generated on a computer can be potentially translated to actual data as long as there is a comprehensive correlation system.

In the latest case, researchers from the Ben Gurion University, in Israel, led by cyber-security expert Mordechai Guri, have figured a way to exfiltrate sensitive data from an air-gapped computer only by monitoring the screen’s brightness fluctuations. The term “air gap” in networking means that the computer is physically isolated, not connected to the public internet, and not connected to a local area network. In the video below, the researchers demonstrate how their system works by exfiltrating the text of “Winnie-the-Pooh”.

For this to work, the researchers have planted a brightness modulating malware onto the system, which modulates the data in ASK, creating slightly differentiated “1” or “0” states. These slight changes in the brightness of LCD screens are totally invisible to the human eye, but the researchers’ system is perfectly capable of capturing and translating them. As the research paper writes: “In LCD screens each pixel presents a combination of RGB colors which produce the required compound color. In the proposed modulation, the RGB color component of each pixel is slightly changed. These changes are invisible since they are relatively small and occur fast, up to the screen refresh rate. Moreover, the overall color change of the image on the screen is invisible to the user.”

hacking-air-gapped-computers

Source: Hacker News

An attacker could potentially capture a video of the target system’s screen by using a surveillance camera that points there, a nearby webcam, or a smartphone. This means that the data can be captured and analyzed later on image processing tools, so merely allowing your screen to be recorded on video is dangerous not only for the present but also for the future. Of course, for this to work, there’s the prerequisite of planting the associated modulation malware first. However, and considering that the user isn’t realizing anything wrong after the infection, detecting the malware’s presence is hard and one should be extra cautious if any cameras are pointing to their screens.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: