Tuesday, December 3, 2024
Homecyber securityHackers Can Exfiltrate Sensitive Data from Air-Gapped Computers Using Screen Brightness

Hackers Can Exfiltrate Sensitive Data from Air-Gapped Computers Using Screen Brightness

Published on

SIEM as a Service

New cybersecurity research shows that attackers can exfiltrate sensitive information from the air-gapped computers by manipulating the brightness of the screen.

The attack was discovered by a team of researchers from Ben-Gurion University of the Negev, Israel. The air-gapped computer attack introduces a new covert channel.

With the new optical covert channel attacker can exfiltrate the data while the user is working on the computer.

- Advertisement - SIEM as a Service

How the Attack Works

The attack assumes that the targeted system is already infected with the malware and by this optical covert channel method, attackers can exfiltrate data bypassing intrusion detection systems (IDS), firewalls and AV programs.

The malware collects sensitive information from the installed computer and then it encodes the data as a stream of bytes and modulates on the screen.

It is invisible to the human eye, but by recording the computer screen with a camera attackers can reconstruct the sensitive information by using image processing techniques.

optical covert channel

Researchers described two possible attack scenarios:

  • A malicious insider within the lime of compromised computer
  • A compromised local attacker for which the attacker has access to

With the attack model proposed by researchers, the RGB color component of each pixel is slightly changed and the changes are relatively small, fast and invisible.

Here you can find the video demonstration of the attack.

More details of the attack can be found in the paper published by researchers titled “BRIGHTNESS: Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness“.

Mitigations

  • Restricting access to sensitive computers
  • Prohibition of recording devices in the sensitive area
  • Using polarized film to cover the screen

Other Air-Gapped Computers Attack

Hackers can use Power Lines to Steal Data from Air-Gapped Computer

CIA Hacking Tool “Brutal Kangaroo” Revealed to Hack Air-Gapped Networks by using USB Thumb Drives -WikiLeaks

Hackers can use Surveillance Cameras and Infrared Light to Transfer Signals to Malware

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Shut Down Phishing Attacks -Detection & Prevention Checklist

In today's interconnected world, where digital communication and transactions dominate, phishing attacks have become...

Why the MITRE ATT&CK Evaluation Is Essential for Security Leaders

In today’s dynamic threat landscape, security leaders are under constant pressure to make informed...

Firefox 133.0 Released with Multiple Security Updates – What’s New!

Mozilla has officially launched Firefox 133.0, offering enhanced features, significant performance improvements, and critical...