Brightness: Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness

2019 12th CMI Conference on Cybersecurity and Privacy (CMI) Pub Date : 2019-11-01 DOI:10.1109/CMI48017.2019.8962137

Mordechai Guri, Dima Bykhovsky, Y. Elovici

{"title":"Brightness: Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness","authors":"Mordechai Guri, Dima Bykhovsky, Y. Elovici","doi":"10.1109/CMI48017.2019.8962137","DOIUrl":null,"url":null,"abstract":"Air-gapped computers are systems that are kept isolated from the Internet since they store or process sensitive information. In this paper, we introduce an optical covert channel in which an attacker can leak (or, exfiltlrate) sensitive information from air-gapped computers through manipulations on the screen brightness. This covert channel is invisible and it works even while the user is working on the computer. Malware on a compromised computer can obtain sensitive data (e.g., files, images, encryption keys and passwords), and modulate it within the screen brightness, invisible to users. The small changes in the brightness are invisible to humans but can be recovered from video streams taken by cameras such as a local security camera, smartphone camera or a webcam. We present related work and discuss the technical and scientific background of this covert channel. We examined the channel's boundaries under various parameters, with different types of computer and TV screens, and at several distances. We also tested different types of camera receivers to demonstrate the covert channel. Lastly, we present relevant countermeasures to this type of attack.","PeriodicalId":142770,"journal":{"name":"2019 12th CMI Conference on Cybersecurity and Privacy (CMI)","volume":"78 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 12th CMI Conference on Cybersecurity and Privacy (CMI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CMI48017.2019.8962137","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 20

Abstract

Air-gapped computers are systems that are kept isolated from the Internet since they store or process sensitive information. In this paper, we introduce an optical covert channel in which an attacker can leak (or, exfiltlrate) sensitive information from air-gapped computers through manipulations on the screen brightness. This covert channel is invisible and it works even while the user is working on the computer. Malware on a compromised computer can obtain sensitive data (e.g., files, images, encryption keys and passwords), and modulate it within the screen brightness, invisible to users. The small changes in the brightness are invisible to humans but can be recovered from video streams taken by cameras such as a local security camera, smartphone camera or a webcam. We present related work and discuss the technical and scientific background of this covert channel. We examined the channel's boundaries under various parameters, with different types of computer and TV screens, and at several distances. We also tested different types of camera receivers to demonstrate the covert channel. Lastly, we present relevant countermeasures to this type of attack.

查看原文本刊更多论文

亮度:通过屏幕亮度从气隙工作站泄漏敏感数据

气隙计算机是与互联网隔离的系统，因为它们存储或处理敏感信息。在本文中，我们引入了一种光学隐蔽通道，攻击者可以通过操纵屏幕亮度从气隙计算机中泄漏(或泄露)敏感信息。这个隐蔽通道是不可见的，即使当用户在电脑上工作时也能工作。受感染计算机上的恶意软件可以获取敏感数据(例如，文件、图像、加密密钥和密码)，并在屏幕亮度范围内对其进行调制，用户不可见。亮度的微小变化对人类来说是不可见的，但可以从本地安全摄像头、智能手机摄像头或网络摄像头等摄像头拍摄的视频流中恢复过来。我们介绍了相关工作，并讨论了该隐蔽通道的技术和科学背景。我们在不同的参数下，用不同类型的电脑和电视屏幕，在不同的距离上检查了频道的边界。我们还测试了不同类型的相机接收器来演示隐蔽信道。最后，针对这类攻击提出了相应的对策。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 12th CMI Conference on Cybersecurity and Privacy (CMI)

自引率

0.00%

发文量