A new method of stealing data from air-gapped computers was found and demonstrated by academics from Israel. It works by making small adjustments to an LCD screen’s brightness settings.
These adjustments are not easily noticeable to the human eye, but they can be detected and extracted from video feeds algorithmically.
Users should be aware of this innovative method of stealing data, although this kind of attack is not known to regular users, who are highly unlikely to ever encounter it.
The attack, which has been named BRIGHTNESS, was designed for air-gapped setups, where computers are kept on a separate network without any internet access.
Air-gapped computers are usually found in government systems that store top-secret documents or in enterprise networks that store non-public proprietary information.
The hackers must first find a technique to infect these systems, such as plugging an infected USB thumb drive into them.
Stealing data out of air-gapped networks is very difficult. A team of academics at the Ben-Gurion University of the Negev in Israel has specialized in this. They have been studying ways of extracting data from already-infected air-gapped systems for the past several years.
How the “BRIGHTNESS” attack works
The steps of the attack are:
- Infecting an air-gapped system.
- The malware that runs on the infected computer collects the data that needs to be stolen.
- The malware changes the screen’s color settings to modify the brightness level.
- The brightness level is adjusted up/down in order to relay a 0/1 binary pattern that transmits a file, one bit at a time.
- A nearby attacker records the screen of the infected computer.
- The video is then analyzed and the file is reconstructed by analyzing the variations in the screen’s brightness.
According to the research team, the BRIGHTNESS attack was tested in several configurations. They received the best results by modifying the red color pixels by around 3% from their normal settings.
This minute change is not visible to the human eye due to the high refresh rates of modern LCD screens, but it can be picked up by the high-resolution video cameras found in webcams, smartphones, laptops, or security camera equipment.
However, this method of transmitting data is a slow process. The maximum speed reported was 5-10 bits/second, which is a very low transmission speed.
This speed is useful only for stealing a small encryption key, not a 1GB ZIP archive.
The research team says that the best way to prevent the BRIGHTNESS attack is to apply polarized film on top of computer screens. Doing this lets the user get a clear view, while humans and cameras at a distance get only a darkened display.
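For defenders who want to audit a screen for this kind of signalling, the sketch below is an added example (not code from the researchers or from this article). It flags a per-frame mean red-channel series that keeps hopping between two levels a few percent apart, using the ~3% depth and 5-10 bits/second figures quoted above. The function names, thresholds, noise level and the assumption that per-frame red means have already been extracted from a capture are all hypothetical.

```python
import random
import statistics

def find_two_level_flicker(red_means, fps, min_depth=0.01, max_depth=0.06):
    """Flag a per-frame mean-red series that keeps hopping between two close levels.

    Returns (suspicious, depth, flips_per_second); thresholds are assumptions.
    """
    mid = (min(red_means) + max(red_means)) / 2.0
    high = [v for v in red_means if v >= mid]
    low = [v for v in red_means if v < mid]
    if len(high) < 2 or len(low) < 2:
        return False, 0.0, 0.0
    gap = statistics.mean(high) - statistics.mean(low)
    depth = gap / statistics.mean(high)
    # Camera noise forms one blob; bit signalling forms two tight, separated clusters.
    spread = max(statistics.pstdev(high), statistics.pstdev(low))
    separated = gap > 4 * spread
    levels = [v >= mid for v in red_means]
    flips = sum(a != b for a, b in zip(levels, levels[1:]))
    rate = flips * fps / len(red_means)
    # A single step (someone adjusting brightness once) has a near-zero flip rate.
    suspicious = separated and min_depth <= depth <= max_depth and rate >= 1.0
    return suspicious, depth, rate

def constructed_series(bits, fps=30, bit_rate=10, depth=0.03, base=128.0, seed=7):
    """Constructed test input: one mean-red sample per frame with sensor noise."""
    rng = random.Random(seed)
    per_bit = fps // bit_rate
    out = []
    for b in bits:
        level = base if b else base * (1.0 - depth)
        out.extend(level + rng.gauss(0, 0.3) for _ in range(per_bit))
    return out

if __name__ == "__main__":
    rng = random.Random(1)
    bits = [rng.randint(0, 1) for _ in range(100)]
    print("modulated:", find_two_level_flicker(constructed_series(bits), 30))
    print("idle     :", find_two_level_flicker(constructed_series([1] * 100), 30))
```

On real captures, normal content changes (video playback, window switches) also move the red mean, so a check like this is only meaningful over periods when the displayed content is static.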