Since the kickstart of technology, hackers are finding new and more innovative ways to hack devices to access sensitive documents, financial information and much more.
Researchers at the Ben-Gurion University of the Negev in Israel have demonstrated a detailed new method for stealing data from air-gapped computers using an LCD’s brightness!
Here are the details…
What is the ‘Brightness’ infiltration?
There are already ways to siphon data from computers without a network connection, meaning transfer of data from a computer by ‘touching it’.
The method depends on making small changes to an LCD screen’s brightness settings. The changes are undetectable to the human eye. These changes in the RGB values of the LCD screen can be detected by a camera-equipped device
How does this Attack work?
Malware can be installed in the computer using an infected USB drive, but getting the data from the air-gapped system is the harder part.
The process starts with infecting the air-gapped computer with the malware. The malware then collects the required data from the infected computer. The malware adjusts screen colour setting to set a brightness level.The brightness level is adjusted up/down in order to transfer a 0/1 binary pattern that transmits a file, one bit at a time.
A nearby camera device records the screen of the infected computer. The video is analyzed and the file is reconstructed by analyzing the variations in the screen’s brightness.
No Need to Worry!
Regular users are said to be safe from this attack as air gapped computers are often found in government systems that store top-secret documents or enterprise networks dedicated to storing non-public proprietary information.
This attack was designed for air-gapped setup computers– where computers are kept on a different network with no internet access.
The team of academics at the Ben-Gurion University of the Negev in Israel reported that however, transmitting data this way is extremely slow. The maximum speeds of 5-10 bits/second, which is an incredibly low transmission speed — among the lowest of all the air-gap exfiltration attacks. The speed may be helpful in picking up small encryption codes but not heavy files.
How to Save the Air-Gapped Computer System from the “Brightness” Attack?
The research team says that the easiest way to thwart BRIGHTNESS attacks is to apply polarized film on top of computer screens.
They said, “The user gets a clear view while humans and cameras at a distance would view a darkened display.”