Tuesday, March 11, 2025
Homecyber securityHackers Can Exfiltrate Sensitive Data from Air-Gapped Computers Using Screen Brightness

Hackers Can Exfiltrate Sensitive Data from Air-Gapped Computers Using Screen Brightness

Published on

SIEM as a Service

Follow Us on Google News

New cybersecurity research shows that attackers can exfiltrate sensitive information from the air-gapped computers by manipulating the brightness of the screen.

The attack was discovered by a team of researchers from Ben-Gurion University of the Negev, Israel. The air-gapped computer attack introduces a new covert channel.

With the new optical covert channel attacker can exfiltrate the data while the user is working on the computer.

How the Attack Works

The attack assumes that the targeted system is already infected with the malware and by this optical covert channel method, attackers can exfiltrate data bypassing intrusion detection systems (IDS), firewalls and AV programs.

The malware collects sensitive information from the installed computer and then it encodes the data as a stream of bytes and modulates on the screen.

It is invisible to the human eye, but by recording the computer screen with a camera attackers can reconstruct the sensitive information by using image processing techniques.

optical covert channel

Researchers described two possible attack scenarios:

  • A malicious insider within the lime of compromised computer
  • A compromised local attacker for which the attacker has access to

With the attack model proposed by researchers, the RGB color component of each pixel is slightly changed and the changes are relatively small, fast and invisible.

Here you can find the video demonstration of the attack.

More details of the attack can be found in the paper published by researchers titled “BRIGHTNESS: Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness“.

Mitigations

  • Restricting access to sensitive computers
  • Prohibition of recording devices in the sensitive area
  • Using polarized film to cover the screen

Other Air-Gapped Computers Attack

Hackers can use Power Lines to Steal Data from Air-Gapped Computer

CIA Hacking Tool “Brutal Kangaroo” Revealed to Hack Air-Gapped Networks by using USB Thumb Drives -WikiLeaks

Hackers can use Surveillance Cameras and Infrared Light to Transfer Signals to Malware

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Critical Microsoft’s Time Travel Debugging Tool Vulnerability Let Attackers Mask Detection

Microsoft’s Time Travel Debugging (TTD) framework, a powerful tool for recording and replaying Windows...

ServiceNow Acquires Moveworks for $2.85 Billion to Boost AI Capabilities

In a landmark move to strengthen its position in the rapidly evolving artificial intelligence...

Apple iOS 18.4 Beta 3 Released – What’s New!

Apple released iOS 18.4 Beta 3 on March 10, 2025, for developers, with a...

Researcher Hacks Embedded Devices to Uncover Firmware Secrets

In a recent exploration of embedded device hacking, a researcher demonstrated how to extract...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Researcher Hacks Embedded Devices to Uncover Firmware Secrets

In a recent exploration of embedded device hacking, a researcher demonstrated how to extract...

North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts

North Korean state-sponsored hackers, known as APT37 or ScarCruft, have been employing sophisticated tactics...

Ragnar Loader Used by Multiple Ransomware Groups to Bypass Detection

Ragnar Loader, a sophisticated toolkit associated with the Ragnar Locker ransomware group, has been...