A researcher has presented the details of a new attack method for exfiltrating data from air-gapped computers using the noise generated by the ‘pixels’ on the screen.
The data exfiltration method, named PIXHELL, was discovered by Mordechai Guri of the Ben-Gurion University of the Negev in Israel.
Over the past years, Guri and other researchers have demonstrated several methods for jumping air gaps, including through ultrasonic tones, RAM-generated Wi-Fi signals, fan vibrations, heat emissions, HDD LEDs, infrared cameras, magnetic fields, power lines, router LEDs, scanners, screen brightness, USB devices, noise from hard drives and fans, and electromagnetic radiation.
Most recently, Guri published a paper on an air-gap-jumping attack called RAMBO, which relies on radio signals from memory buses.
In the case of the PIXHELL attack, as with all of these types of attacks, the attacker needs to find a way to plant malware on the air-gapped computer from which they want to exfiltrate data. This can be achieved using malicious insiders, social engineering or supply chain attacks.
The malware — by controlling the pixel patterns displayed on the LCD screen — can cause the screen to generate acoustic waves at specific frequencies. These acoustic signals are produced by the coils and capacitors found inside monitors and TVs.
The coils and capacitors vibrate when electrical current passes through them, creating a noise that can be controlled by the malware based on what it displays on the screen.
The malware can collect sensitive information from the targeted device, such as passwords and encryption keys, and convert them into ‘0’ and ‘1’ bits that can be transmitted through the noise. For instance, a certain frequency can represent a ‘1’ and a different frequency a ‘0’.
These bits can be captured by a nearby smartphone, microphone or laptop at a rate of 5-20 bits per second (bps) over distances ranging between 0 and 2.5 meters (8 feet), according to the experiments conducted by the researcher.
A paper published on September 7 provides technical details, as well as countermeasures for this type of attack. A video that shows the PIXHELL attack in action is also available.
Related: RAM-Generated Wi-Fi Signals Allow Data Exfiltration From Air-Gapped Systems
Related: 17 Malware Frameworks Target Air-Gapped Systems for Espionage
Related: USB Hacking Devices Can Steal Credentials From Locked Computers