
Researchers from Ben-Gurion University of the Negev in Israel have figured out a way to steal information from an isolated computer not connected to the internet (air-gapped computer). This could be a threat to high-value targets, such as supply chains, critical infrastructures, etc. By taking advantage of small changes in color and brightness on LCD monitors, bad actors could use cameras to “see through” the ordinary screen’s content, revealing vulnerable data.

In recent years, several cybersecurity researchers have demonstrated innovative ways to covertly exfiltrate data from a physically isolated air-gapped computer that can’t connect wirelessly or physically with other computers or network devices. These techniques exploited little-noticed emissions of a computer’s components, such as light, sound, heat, radio frequencies, or ultrasonic waves, and even current fluctuations in the power lines. However, potential attackers could not always count on an insider to unknowingly carry a USB with the data back out of a targeted facility.

A team led by Mordechai Guri, head of the cybersecurity research center at Ben Gurion University, devised a new covert optical channel through which attackers can steal data from air-gapped computers without requiring network connectivity or physically contacting the devices.

“This covert channel is invisible, and it works even while the user is working on the computer. Malware on a compromised computer can obtain sensitive data (e.g., files, images, encryption keys, and passwords), and modulate it within the screen brightness, invisible to users,” the researchers said.

The fundamental idea behind the encoding and decoding of data is similar to the previous cases, i.e., malware encodes the collected information as a stream of bytes and then modulates it as a ‘1’ and ‘0’ signal. In this case, the attacker uses small changes in the LCD screen brightness, which remain invisible to the naked eye, to covertly modulate binary information in Morse-code-like patterns, according to
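A defender-side check for the low-amplitude, two-level brightness switching described above, as an added example that is not from the article or the researchers' work. It assumes per-frame average brightness readings (0-255 scale) have already been captured; the function names, thresholds and sample traces are illustrative assumptions.

```python
from statistics import mean, pstdev

def split_levels(samples):
    """Estimate a low and a high brightness level with a 1-D two-means pass."""
    lo, hi = min(samples), max(samples)
    for _ in range(20):
        mid = (lo + hi) / 2
        low = [s for s in samples if s <= mid]
        high = [s for s in samples if s > mid]
        if not low or not high:
            break
        lo, hi = mean(low), mean(high)
    return lo, hi

def looks_modulated(samples, max_rel_step=0.05, min_toggles=6):
    """True if the trace keeps switching between two tight, close levels.

    max_rel_step and min_toggles are assumed thresholds, not measured values.
    """
    lo, hi = split_levels(samples)
    gap = hi - lo
    if gap <= 0 or hi <= 0 or gap / hi > max_rel_step:
        return False          # flat trace, or a step large enough to be visible
    mid = (lo + hi) / 2
    low = [s for s in samples if s <= mid]
    high = [s for s in samples if s > mid]
    if max(pstdev(low), pstdev(high)) > gap / 5:
        return False          # one noisy level, not two distinct ones
    above = [s > mid for s in samples]
    toggles = sum(a != b for a, b in zip(above, above[1:]))
    return toggles >= min_toggles

# Constructed sample traces (mean frame brightness, 0-255 scale), not real captures.
JITTER = [0.0, 0.1, -0.1, 0.05]          # small sensor noise stand-in
PATTERN = "1011001110001011"             # arbitrary two-level pattern
KEYED = [200 + 3 * int(b) + JITTER[i % 4]
         for i, b in enumerate(ch for ch in PATTERN for _ in range(3))]
STEADY = [200 + JITTER[i % 4] for i in range(48)]   # normal screen, noise only
DIMMED = [200.0] * 24 + [120.0] * 24                # user lowers brightness once

if __name__ == "__main__":
    for name, trace in [("keyed", KEYED), ("steady", STEADY), ("dimmed", DIMMED)]:
        print(name, looks_modulated(trace))
```

The check only flags a trace for review; it makes no attempt to recover what was transmitted.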

Ben-Gurion researchers have previously come up with various covert techniques to target air-gapped computers.

Although this kind of attack would be complicated to pull off, it’s an example of ways that researchers are trying to stay one step ahead of the hackers, according to
