Researchers Steal Data From Computer Using Monitor Brightness

Researchers Steal Data From Computer Using Monitor Brightness

The conventional wisdom of computer security holds that the most sensitive data should live exclusively in “air-gapped” systems without a network connection. Still, no security protocol is completely foolproof. We’ve seen a few methods of extracting data from air-gapped systems, and the latest is particularly insidious. Researchers from Ben Gurion University have devised a way to leak data from a computer via changes in display brightness.

Similar to some past methods of data extraction, the system demonstrated by Ben Gurion University requires some planning. It’s not (thankfully) a vulnerability in any software or hardware that someone can exploit to steal data. Instead, an attacker would need access to the computer to install a piece of malware. They could also use social engineering to get someone who has legitimate access to an air-gapped system to load malware.

The exploit developed by the team takes the data from the secure system and encodes it as binary. To exfiltrate the data, you need a camera near the system that can see the screen. By making subtle changes in the monitor’s RGB color values, the malware sends the 1s and 0s visually. The changes can also flip on and off as fast as the monitor refreshes. Someone sitting at the computer won’t notice anything amiss, but their actions could slowly trickle out on a video feed. Even looking at static screen images of “0” and “1” signals would not tip anyone off.

You can see the technique at work in the video above. The variations in the “filtered” side are almost imperceptible, so no one has any hope of spotting them unaided. The complicated setup is a drawback of this attack, and you’re also not going to get a lot of data. Under ideal conditions, the Ben Gurion University team was able to extract 5 bits per second from the air-gapped machine. That’s about 60 times slower than an old-fashioned Bell 300 baud dial-up modem from the 1970s. This is enough to grab text from the system, but that’s it.

This is not something you need to worry much about — there are much easier ways to steal data from devices that connect to the internet. This approach also requires a lot of setup and planning just to steal a few bits of data. Still, it’s just one more thing for people in highly secure facilities to worry about.

Continue reading

Microsoft: Bethesda Games ‘Either First or Better’ on Xbox, Not Exclusive
Microsoft: Bethesda Games ‘Either First or Better’ on Xbox, Not Exclusive

Microsoft's Tim Stuart doesn't think the company will try to cut PS5 gamers out of future Bethesda titles. The company wants Xbox to be the best destination for its games, but not the only one.

Sony Is Refusing Refunds for Cyberpunk 2077
Sony Is Refusing Refunds for Cyberpunk 2077

The Cyberpunk 2077 team at CD Projekt Red has told gamers to seek refunds, but at least some PlayStation 4 players are being denied.

Microsoft Picks Up Ark II as an Xbox Exclusive
Microsoft Picks Up Ark II as an Xbox Exclusive

Microsoft has added another exclusive to its own stable of games. Ark II, the sequel to the hottest bug simulator of the 2010s and starring Vin Diesel, will apparently debut as an Xbox exclusive, though it’s probably time-limited as opposed to permanently locked away from the platform.The interesting thing about Microsoft choosing to snag Ark…

Fusion Reactor Sets Record By Running for 20 Seconds
Fusion Reactor Sets Record By Running for 20 Seconds

A team from South Korea just made a major advancement — the Korea Superconducting Tokamak Advanced Research (KSTAR) device recently ran for 20 seconds. That might not sound impressive, but it doubles the previous record.