Researchers Steal Data From Computer Using Monitor Brightness

Researchers Steal Data From Computer Using Monitor Brightness

The conventional wisdom of computer security holds that the most sensitive data should live exclusively in “air-gapped” systems without a network connection. Still, no security protocol is completely foolproof. We’ve seen a few methods of extracting data from air-gapped systems, and the latest is particularly insidious. Researchers from Ben Gurion University have devised a way to leak data from a computer via changes in display brightness.

Similar to some past methods of data extraction, the system demonstrated by Ben Gurion University requires some planning. It’s not (thankfully) a vulnerability in any software or hardware that someone can exploit to steal data. Instead, an attacker would need access to the computer to install a piece of malware. They could also use social engineering to get someone who has legitimate access to an air-gapped system to load malware.

The exploit developed by the team takes the data from the secure system and encodes it as binary. To exfiltrate the data, you need a camera near the system that can see the screen. By making subtle changes in the monitor’s RGB color values, the malware sends the 1s and 0s visually. The changes can also flip on and off as fast as the monitor refreshes. Someone sitting at the computer won’t notice anything amiss, but their actions could slowly trickle out on a video feed. Even looking at static screen images of “0” and “1” signals would not tip anyone off.

You can see the technique at work in the video above. The variations in the “filtered” side are almost imperceptible, so no one has any hope of spotting them unaided. The complicated setup is a drawback of this attack, and you’re also not going to get a lot of data. Under ideal conditions, the Ben Gurion University team was able to extract 5 bits per second from the air-gapped machine. That’s about 60 times slower than an old-fashioned Bell 300 baud dial-up modem from the 1970s. This is enough to grab text from the system, but that’s it.

This is not something you need to worry much about — there are much easier ways to steal data from devices that connect to the internet. This approach also requires a lot of setup and planning just to steal a few bits of data. Still, it’s just one more thing for people in highly secure facilities to worry about.

Continue reading

NASA’s OSIRIS-REx Asteroid Sample Is Leaking into Space
NASA’s OSIRIS-REx Asteroid Sample Is Leaking into Space

NASA reports the probe grabbed so much regolith from the asteroid that it's leaking out of the collector. The team is now working to determine how best to keep the precious cargo from escaping.

NASA: Asteroid Could Still Hit Earth in 2068
NASA: Asteroid Could Still Hit Earth in 2068

This skyscraper-sized asteroid might still hit Earth in 2068, according to a new analysis from the University of Hawaii and NASA’s Jet Propulsion Laboratory.

NASA Probe Stows Huge Asteroid Sample for Return to Earth
NASA Probe Stows Huge Asteroid Sample for Return to Earth

Following the recent successful touch and go operation, NASA has reported a sizeable sample of the asteroid has now been locked away in the probe's sample return container.

Hubble Examines 16 Psyche, the Asteroid Worth $10,000 Quadrillion
Hubble Examines 16 Psyche, the Asteroid Worth $10,000 Quadrillion

Researchers just finished an ultraviolet survey of 16 Psyche, the ultra-valuable asteroid NASA plans to visit in 2026.