Academics steal data from air-gapped systems using screen brightness variations [zdnet]
by CIRT Team
Academics from Israel have detailed and demoed a new method for stealing data from air-gapped computers.
The method relies on making small tweaks to an LCD screen’s brightness settings. The tweaks are imperceptible to the human eye, but can be detected and extracted from video recordings of the screen using algorithmic methods.
This article describes this innovative new method of stealing data, but readers should be aware from the start that this attack is not something regular users need to worry about; they are highly unlikely to ever encounter it.
Named BRIGHTNESS, the attack was designed for air-gapped setups — where computers are kept on a separate network with no internet access.
Air-gapped computers are often found in government systems that store top-secret documents or enterprise networks dedicated to storing non-public proprietary information.
Creative hackers might find a way to infect these systems — such as using an infected USB thumb drive that’s plugged into these systems — but getting data out of air-gapped networks is the harder part.
This is where a team of academics at the Ben-Gurion University of the Negev in Israel has specialized. For the past few years, they have been studying ways of extracting data from already-infected air-gapped systems.
Past academic research into the field includes data exfiltration techniques like:
- LED-it-Go – exfiltrate data from air-gapped systems via an HDD’s activity LED
- USBee – force a USB connector’s data bus to give out electromagnetic emissions that can be used to exfiltrate data
- AirHopper – use the local GPU card to emit electromagnetic signals to a nearby mobile phone, also used to steal data
- Fansmitter – steal data from air-gapped PCs using sounds emanated by a computer’s GPU fan
- DiskFiltration – use controlled read/write HDD operations to steal data via sound waves
- BitWhisper – exfiltrate data from non-networked computers using heat emanations
- Unnamed attack – uses flatbed scanners to relay commands to malware-infected PCs or to exfiltrate data from compromised systems
- xLED – use router or switch LEDs to exfiltrate data
- aIR-Jumper – use a security camera’s infrared capabilities to steal data from air-gapped networks
- HVACKer – use HVAC systems to control malware on air-gapped systems
- MAGNETO & ODINI – steal data from Faraday cage-protected systems
- MOSQUITO – steal data from PCs using attached speakers and headphones
- PowerHammer – steal data from air-gapped systems using power lines
- CTRL-ALT-LED – steal data from air-gapped systems using keyboard LEDs
HOW THE “BRIGHTNESS” ATTACK WORKS
The new BRIGHTNESS attack is similar to all the methods described above. The steps are described below:
- Infect air-gapped system.
- Malware running on the infected computer collects the data it wants to steal.
- Malware alters a screen’s color settings to modify the brightness level.
- The brightness level is adjusted up/down in order to relay a 0/1 binary pattern that transmits a file, one bit at a time.
- A nearby attacker records the screen of the infected computer on video.
- The video is analyzed and the file is reconstructed by analyzing the variations in the screen’s brightness.
The research team said it tested the BRIGHTNESS attack in several configurations. Researchers say they had the best results by changing the red component of the screen’s pixels by around 3% from its normal value.
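The following simulation, added here to illustrate the steps above and not code from the researchers or from ZDNet, models the whole channel end to end: a sender that raises the red component of every pixel by about 3% to signal a 1 bit, a constructed "camera" that records the frames with sensor noise, and a receiver that averages red over each frame, calibrates a decision threshold on a known training sequence, and recovers the bytes. The tiny 16x16 screen, one bit per frame, the alternating preamble and the Gaussian noise model are assumptions for the demo; the paper's real frame rate, framing and error correction are not described on this page.

```python
"""Toy simulation of a BRIGHTNESS-style optical covert channel.

Added illustration, not the researchers' code. The screen size, one-bit-per-
frame timing, preamble and camera noise model are assumptions; only the ~3%
red-channel modulation comes from the article.
"""
import random

WIDTH, HEIGHT = 16, 16               # constructed tiny "screen" (assumption)
MODULATION = 0.03                    # ~3% red change, as reported in the article
PREAMBLE = [1, 0, 1, 0, 1, 0, 1, 0]  # assumed training bits used to calibrate the threshold


def make_base_frame(seed=1):
    """Constructed desktop image: mid-range RGB pixels so a 3% red change never clips."""
    rng = random.Random(seed)
    return [(rng.randint(60, 180), rng.randint(60, 180), rng.randint(60, 180))
            for _ in range(WIDTH * HEIGHT)]


def bytes_to_bits(data):
    """MSB-first bit list of a byte string."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bits_to_bytes(bits):
    """Inverse of bytes_to_bits; a trailing partial byte is dropped."""
    usable = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8))


def modulate(frame, bit):
    """Sender: a 1 bit raises the red component of every pixel by MODULATION; a 0 leaves it."""
    if bit == 0:
        return list(frame)
    return [(min(255, round(r * (1 + MODULATION))), g, b) for r, g, b in frame]


def transmit(frame, payload):
    """Sender: one displayed frame per bit, preamble first, then the payload bits."""
    return [modulate(frame, bit) for bit in PREAMBLE + bytes_to_bits(payload)]


def camera_capture(frames, noise_sigma=2.0, seed=7):
    """Constructed camera: adds Gaussian sensor noise to red and clips to 8 bits."""
    rng = random.Random(seed)
    captured = []
    for fr in frames:
        captured.append([(max(0, min(255, round(r + rng.gauss(0, noise_sigma)))), g, b)
                         for r, g, b in fr])
    return captured


def mean_red(frame):
    """Average red level of a frame; averaging over all pixels suppresses per-pixel noise."""
    return sum(r for r, _, _ in frame) / len(frame)


def decode(captured):
    """Receiver: per-frame red average, threshold learned from the preamble, then slicing."""
    levels = [mean_red(fr) for fr in captured]
    pre = levels[:len(PREAMBLE)]
    ones = [v for v, b in zip(pre, PREAMBLE) if b == 1]
    zeros = [v for v, b in zip(pre, PREAMBLE) if b == 0]
    threshold = (sum(ones) / len(ones) + sum(zeros) / len(zeros)) / 2
    bits = [1 if v > threshold else 0 for v in levels[len(PREAMBLE):]]
    return bits_to_bytes(bits)


def signal_swing(frame):
    """How far the frame's red average moves between a 0 and a 1, on the 0-255 scale."""
    return mean_red(modulate(frame, 1)) - mean_red(modulate(frame, 0))


if __name__ == "__main__":
    base = make_base_frame()
    recovered = decode(camera_capture(transmit(base, b"secret")))
    print(recovered, round(signal_swing(base), 2))
```

The point the numbers make is why the change is invisible yet recoverable: on this constructed desktop the red average shifts by only a few levels out of 255 between a 0 and a 1, far below what a viewer notices, but averaging 256 pixels per frame shrinks the camera noise enough that a simple threshold separates the two states. A real receiver would also need frame synchronization and error correction, which this demo omits.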