Hacking techniques are limitless. Israeli researchers at Ben-Gurion University detailed a method, dubbed Brightness, to steal data from computers by capturing brightness video changes of the LCD screens imperceptible to the human eye. By detecting these variations, extracting video streams and relying on algorithmic methods, the attack can be used to steal documents and files on systems even if the machine is set using Air-Gap and is not connected to public networks.
Many companies and organizations use computers that are physically isolated from any network when they need to manage sensitive data or devices. This security measure, known as the Air-Gap mode, thus avoids viruses or any hacking attempt. A team of researchers in Israel has discovered a method to transmit data from these devices, without the knowledge of the user.
The technique involves modulating the brightness of the screen invisible to the human eye, to transmit information to a camera, such as files, images, passwords and much more. To be deployed, this hacking attack technique still requires that three conditions are met:
- A camera should be placed to grab the computer screen.
- The hacker must have successfully penetrated the local network to take control of the camera.
- The software must be installed on the target computer.
The function of this software will be to display the data in an invisible way which will then be recorded by the camera.
AN ATTACK DIFFICULT TO SET UP BUT NOT IMPOSSIBLE
If the meeting of these three conditions may seem impossible, a simple poorly connected device can be used as an entry point on the network to take control of other devices and therefore security cameras. Also, even if physically isolated, a computer can be infected using a USB key. Then the intruder software, after collecting information from the computer, transmits the data to the camera in an undetectable way as shown in the video above.
Air-Gapped computers are systems that are kept isolated from the Internet since they store or process sensitive information. In this paper, we introduce an optical covert channel in which an attacker can leak sensitive information from Air-Gapped computers through manipulations on the screen brightness.
This covert channel is invisible and it works even while the user is working on the computer. Malware on a compromised computer can obtain sensitive data, and modulate it within the screen brightness, invisible to users. The small changes in the brightness are invisible to humans but can be recovered from video streams taken by cameras such as a local security camera, smartphone camera or a webcam.
With attacks that are becoming more and more sophisticated, this discovery must be taken into account on sensitive infrastructures. Currently to avoid this attack to be deployed the simplest solution would be to place the security cameras positioned in a way to be unable to record computer screens.