DATA HACKING: Attackers Can Now Steal Your Data Using Screen Brightness
Academics from Israel have detailed and demoed a new method for stealing data from air-gapped computers.
The method relies on making small tweaks to an LCD screen's brightness settings. The tweaks are imperceptible to the human eye, but can be detected and extracted from video feeds using algorithmic methods.
This article describes this innovative new method of stealing data, but readers should be aware from the start that this attack is not something regular users should worry about; they are highly unlikely to ever encounter it.
Named BRIGHTNESS, the attack was designed for air-gapped setups -- where computers are kept on a separate network with no internet access.
Air-gapped computers are often found in government systems that store top-secret documents or enterprise networks dedicated to storing non-public proprietary information.
Creative hackers might find a way to infect these systems -- such as using an infected USB thumb drive that's plugged into these systems -- but getting data out of air-gapped networks is the harder part.
This is where a team of academics at the Ben-Gurion University of the Negev in Israel has specialized. For the past few years, they've been studying ways of extracting data from already-infected air-gapped systems.
What is An Air-Gapped Computer?
Now, an “air-gapped” computer is a computing machine that is isolated from any unsecured networks. That is, you cannot connect it to the internet or any other machines that connect to the internet. A true air-gapped computer is also physically isolated. This means that you have to use physical devices like USB drives or removable media drives to transfer data.
In his latest research, Mordechai Guri, the head of cybersecurity at the Ben-Gurion University, along with other researchers, devised a covert optical channel that an attacker can use to steal data from an air-gapped computer without using any network connectivity or physically contacting the machine.
“This covert channel is invisible, and it works even while the user is working on the computer. Malware on a compromised computer can obtain sensitive data (e.g., files, images, encryption keys, and passwords), and modulate it within the screen brightness, invisible to users,” the researchers said.
HOW THE "BRIGHTNESS" HACK WORKS
The new BRIGHTNESS attack follows the same general pattern as the team's earlier work on extracting data from already-infected air-gapped systems. The steps are:
1. The attacker infects the air-gapped system.
2. Malware running on the infected computer collects the data it wants to steal.
3. Malware alters the screen's color settings to modify the brightness level.
4. The brightness level is adjusted up/down in order to relay a 0/1 binary pattern that transmits a file, one bit at a time.
5. A nearby attacker records the screen of the infected computer.
6. The video is analyzed and the file is reconstructed from the variations in the screen's brightness.
The research team said it tested the BRIGHTNESS attack in several configurations. Researchers say they had the best results by modifying the red color component of the pixels by around 3% from its normal setting.
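From the defender's side, the up/down pattern in the steps above has a recognizable shape: the red channel keeps flipping between two levels only a few percent apart. The following is an added example, not code from the researchers or the original article, showing one way an endpoint monitor could flag that shape. It assumes red-channel gain readings (1.0 = normal) polled from the display's color settings at a fixed interval; the function name, thresholds and sample series are all constructed for illustration.

```python
from statistics import mean

def detect_brightness_modulation(samples, min_delta=0.005, max_delta=0.05, min_toggles=8):
    """Flag a red-gain series that keeps flipping between two close levels.

    samples: red-channel gain readings (1.0 = normal) polled at a fixed interval.
    Thresholds are assumptions chosen around the ~3% change the article cites.
    """
    result = {"suspicious": False, "toggles": 0, "delta": 0.0}
    if len(samples) < 2 or min(samples) == max(samples):
        return result                       # nothing changed: no signal
    mid = (min(samples) + max(samples)) / 2
    high = [s for s in samples if s > mid]
    low = [s for s in samples if s <= mid]
    gap = mean(high) - mean(low)
    # A bit pattern uses two flat levels; a dimming ramp smears across the range.
    spread = max(max(high) - min(high), max(low) - min(low))
    two_level = spread < gap / 4
    states = [s > mid for s in samples]
    toggles = sum(a != b for a, b in zip(states, states[1:]))
    delta = gap / mean(high)                # relative size of the step
    result.update(toggles=toggles, delta=delta)
    result["suspicious"] = (two_level and min_delta <= delta <= max_delta
                            and toggles >= min_toggles)
    return result

# Constructed samples (not captured data): each bit held for three polls.
BITS = [1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0]
COVERT = [1.0 if b else 0.97 for b in BITS for _ in range(3)]
NIGHT_RAMP = [1.0 - 0.01 * i for i in range(31)]      # gradual warm-tint ramp
USER_STEP = [1.0] * 10 + [0.8] * 10                   # one manual adjustment

if __name__ == "__main__":
    for name, series in [("covert", COVERT), ("ramp", NIGHT_RAMP), ("step", USER_STEP)]:
        print(name, detect_brightness_modulation(series))
```

A gradual night-mode ramp and a single manual brightness change both pass, because neither is a small two-level step repeated many times.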
Do You Need To Worry?
Now, you do not have to worry about anyone stealing your login ID or password through the window anytime soon. For the method to work, the attacker would need to physically breach the machine to be compromised and have a camera under their control installed within line of sight of its screen. This can be useful for intelligence agencies performing high-priority intrusions. But no attacker would just sit outside your window to take the login credentials of your Facebook account. So you can chill out and let government agencies worry about this method of stealing data.