In recent years, several cybersecurity researchers demonstrated innovative ways to covertly exfiltrate data from a physically isolated air-gapped computer that can't connect wirelessly or physically with other computers or network devices.
The method relies on making small tweaks to an LCD screen's brightness settings. The tweaks are imperceptible to the human eye, but can be detected and extracted from video feeds using algorithmic methods.
Named BRIGHTNESS, the attack was designed for air-gapped setups -- where computers are kept on a separate network with no internet access.
These clever ideas rely on exploiting little-noticed emissions of a computer's components, such as light, sound, heat, radio frequencies, or ultrasonic waves, and even using the current fluctuations in the power lines.
For instance, potential attackers could sabotage supply chains to infect an air-gapped computer, but they can't always count on an insider to unknowingly carry a USB with the data back out of a targeted facility.
When it comes to high-value targets, these unusual techniques, which may sound theoretical and useless to many, could play an important role in exfiltrating sensitive data from an infected but air-gapped computer.
How Does the Brightness Air-Gapped Attack Work?
The new BRIGHTNESS attack follows the same pattern as the other emission-based methods mentioned above. Its steps are:
- Infect the air-gapped system.
- Malware running on the infected computer collects the data it wants to steal.
- Malware alters a screen's color settings to modify the brightness level.
- The brightness level is adjusted up/down in order to relay a 0/1 binary pattern that transmits a file, one bit at a time.
- A nearby attacker records the screen of the infected computer.
- The video is analyzed and the file is reconstructed by analyzing the variations in the screen's brightness.
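The steps above describe the channel from the attacker's side; a defender who can record the monitor (or inspect the infected host's own frame buffer) wants to know what the channel looks like in the recorded data. The following is an added example, not code from the article or from the Ben-Gurion researchers: it simulates the per-frame mean luminance of a screen toggling between two nearly identical brightness levels, next to two benign traces (a static desktop with sensor noise, and video playback with large brightness swings), and runs a detector that looks for the three things such a channel leaves behind: a brightness step too small to be noticed, two tightly clustered levels rather than drift, and transitions that happen on a fixed clock. The frames-per-bit, baseline, amplitude and all detector thresholds are assumptions chosen for this synthetic data, not values from the published research.

```python
"""Detect a BRIGHTNESS-style covert channel in a per-frame luminance trace.

Added example, not from the original article or the research paper. The
channel is simulated numerically (no screen is touched) so that a detector
can be exercised against it. All constants are assumptions for this demo.
"""
import math
import random
from statistics import mean, pstdev

FRAMES_PER_BIT = 6       # assumed symbol duration: ~5 bit/s at 30 fps
BASELINE = 180.0         # assumed resting mean luminance on a 0-255 scale
AMPLITUDE = 1.0          # assumed +/-1 luminance step, invisible to a viewer


def simulate_covert_trace(bits, noise_std=0.15, seed=1):
    """Constructed sample: bit 1 -> BASELINE+AMPLITUDE, bit 0 -> BASELINE-AMPLITUDE,
    each level held for FRAMES_PER_BIT frames, plus Gaussian camera noise."""
    rng = random.Random(seed)
    trace = []
    for b in bits:
        level = BASELINE + (AMPLITUDE if b else -AMPLITUDE)
        trace.extend(level + rng.gauss(0, noise_std) for _ in range(FRAMES_PER_BIT))
    return trace


def simulate_static_trace(n_frames, noise_std=0.15, seed=2):
    """Constructed benign sample: a static desktop, camera sensor noise only."""
    rng = random.Random(seed)
    return [BASELINE + rng.gauss(0, noise_std) for _ in range(n_frames)]


def simulate_video_trace(n_frames, swing=30.0, period=90):
    """Constructed benign sample: video playback with slow, large fades."""
    return [BASELINE + swing * math.sin(2 * math.pi * t / period) for t in range(n_frames)]


def _percentile(values, q):
    s = sorted(values)
    return s[min(len(s) - 1, int(q * len(s)))]


def run_lengths(symbols):
    """Lengths of consecutive runs of equal symbols."""
    runs, count = [], 1
    for prev, cur in zip(symbols, symbols[1:]):
        if cur == prev:
            count += 1
        else:
            runs.append(count)
            count = 1
    runs.append(count)
    return runs


def analyse_trace(trace):
    """Features a clocked two-level brightness channel leaves in a trace."""
    # Threshold halfway between the 10th and 90th percentile; the median would
    # land inside one level when the bit stream is unbalanced.
    mid = (_percentile(trace, 0.10) + _percentile(trace, 0.90)) / 2
    symbols = [1 if v > mid else 0 for v in trace]
    high = [v for v, s in zip(trace, symbols) if s]
    low = [v for v, s in zip(trace, symbols) if not s]
    if not high or not low:
        return {"separation": 0.0, "bimodality": 0.0, "period": 0, "regularity": 0.0}
    separation = mean(high) - mean(low)                 # gap between the two levels
    spread = max(pstdev(high), pstdev(low), 1e-9)       # jitter within each level
    runs = run_lengths(symbols)
    period = max(set(runs), key=runs.count)             # most common run = one symbol
    tol = period // 5                                   # one frame of jitter for long symbols
    regular = sum(1 for r in runs if abs(r - period * round(r / period)) <= tol) / len(runs)
    return {"separation": separation, "bimodality": separation / spread,
            "period": period, "regularity": regular}


def is_covert_channel(trace, max_visible_step=8.0, min_bimodality=5.0, min_regularity=0.9):
    """Flag a trace that toggles between two tight, barely different levels on a clock.

    Thresholds are assumptions; a deployment would calibrate them on the
    monitor and camera in question."""
    f = analyse_trace(trace)
    return (f["separation"] < max_visible_step       # too small for a person to notice
            and f["bimodality"] >= min_bimodality    # two clean levels, not drift or noise
            and f["period"] >= 2                     # each level held for several frames
            and f["regularity"] >= min_regularity)   # transitions land on the symbol clock


if __name__ == "__main__":
    message_bits = [int(c) for c in "0100111101001011"]   # constructed payload: "OK"
    for name, trace in [("covert", simulate_covert_trace(message_bits)),
                        ("static", simulate_static_trace(240)),
                        ("video", simulate_video_trace(240))]:
        print(name, analyse_trace(trace), "->", is_covert_channel(trace))
```

The detector runs on nothing more than one number per frame (mean luminance), which is also what a host-side monitor could compute from the frame buffer of an air-gapped machine; the point it demonstrates is that a one-unit step that no person notices is still an obvious two-level, clocked signal once the trace is plotted as numbers.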
Popular Air-Gapped Data Exfiltration Techniques
It's not the first time Ben-Gurion researchers have come up with a covert technique to target air-gapped computers. Their previous research on hacking air-gapped machines includes:
- PowerHammer attack that exfiltrates data from air-gapped computers through power lines.
- MOSQUITO technique with which two (or more) air-gapped PCs placed in the same room can covertly exchange data via ultrasonic waves.
- BeatCoin technique that could let attackers steal private encryption keys from air-gapped cryptocurrency wallets.
- aIR-Jumper attack that takes sensitive information from air-gapped computers with the help of infrared-equipped CCTV cameras that are used for night vision.
- MAGNETO and ODINI techniques that use CPU-generated magnetic fields as a covert channel between air-gapped systems and nearby smartphones.
- USBee attack that can be used to steal data from air-gapped computers using radio frequency transmissions from USB connectors.
- DiskFiltration attack that can steal data using sound signals emitted from the hard disk drive (HDD) of the targeted air-gapped computer.
- BitWhisper that relies on heat exchange between two computer systems to stealthily siphon passwords or security keys.
- AirHopper that turns a computer's video card into an FM transmitter to capture keystrokes.
- Fansmitter technique that uses noise emitted by a computer fan to transmit data.
- GSMem attack that relies on cellular frequencies.