Academics Steal Data From Air-Gapped Systems Using Screen Brightness Variations (zdnet.com) 52
Academics from Israel have detailed and demoed a new method for stealing data from air-gapped computers. From a report: The method relies on making small tweaks to an LCD screen's brightness settings. The tweaks are imperceptible to the human eye, but can be detected and extracted from video feeds using algorithmical methods. This article describes this innovative new method of stealing data, but readers should be aware from the start that this attack is not something that regular users should worry about, and are highly unlikely to ever encounter it. Named BRIGHTNESS, the attack was designed for air-gapped setups -- where computers are kept on a separate network with no internet access. Air-gapped computers are often found in government systems that store top-secret documents or enterprise networks dedicated to storing non-public proprietary information.
Re: (Score:2)
Re: (Score:2)
....or somebody 'loses' a flash drive at Starbucks.
Re: (Score:3)
Yes, exactly. It also has the prerequisite that your software is running on that device, has that degree of low-level hardware access, has been able to access and decode the data you want, and you can somehow get that volume of data out of the low-bandwidth hacked hardware method (like changing display brightness).
If you can get your software onto the air-gapped device in the first place via some vector (USB device with hidden software?) then wouldn't it be easier to offload your data via that same vector (
Re: (Score:2)
Another pre-requisite, in this case: The monitor has to be connected and turned on...
Re: (Score:2)
Re: (Score:1)
take a
Re: (Score:1)
Ok, but what if, you get to have good data on this brightness variations AND appropiate sound data?
Don't get me wrong, this sounds quite silly, but on the other hand, if "that certain stuff" is the difference earning or not earning some 7-figure number, then it pays to be paranoid.
Re: (Score:1)
Either method would "work" in a lab, but not in the real world. For the brightness you need to install software on the computer in order to "send" the data, unless you friggin point a camera at the screen (I know, amazing, but you can "steal data" by pointing a camera at the screen to detect brightness levels in the LCD). You can monitor a keyboard sound, and guess what the keystrokes were, if you knew the particular characteristics of the keyboard and had enough fidelity in the sound. But good luck with do
Re: (Score:2)
Or looked at another way, anything works, if you don't have any *physical* security.
Re: (Score:2)
So... (Score:2)
People with enough control to install software on an air-gapped system are able to then get it to transmit data?
I mean... yeah, ok, but I would hope that any system that is "air-gapped" for security would also have it's USB ports glued over....
For the lulz (Score:2)
That's because you only think about the "Mossad is out to get your ass" type of uses.
You forgot about the "Kevin Jr" is doing shit just for the pleasure of fucking things up.
Random example:
- imagine someone releases some piece of code masquerading as some tool useful for gamer but working as a backdoor. (that used to be a probable risk on the crack/trainer/etc. on old download sites. There's probably some other modern equivalent: some game assisting-bots ?).
- 4chan user decide he wants to fuck up with some
Re: (Score:2)
People with enough control to install software on an air-gapped system are able to then get it to transmit data?
I mean... yeah, ok, but I would hope that any system that is "air-gapped" for security would also have it's USB ports glued over....
Uh, those USB ports are often used to back up data on an air-gapped standalone system, to protect against the inevitable (hard drive crash).
The actual mitigation methods are restricting software installs by limiting permissions, and considerable levels of auditing. But to your point, if you've got physical access and rights to install software, there's only so much you can do to protect against the insider (admin) threat.
Re: (Score:2)
Uh, those USB ports are often used to back up data on an air-gapped standalone system, to protect against the inevitable (hard drive crash).
Not in any secure environment I've ever seen. Usually the approved method is to use tape or DVD burning since it's one-way.
The policies had changed to have USB ports disabled a year or so before Stuxnet. USB ports were the attack vector Stuxnet used to infiltrate.
There's more than one way to secure USB ports, and you would be surprised at what certain policies allow. Ironically enough, DVD burning is specifically disabled by default. Continuous auditing/monitoring is leaned on quite heavily due to the insider threat, particularly with support staff that have admin rights.
Whatever happened (Score:2)
to those reports from around a decade ago of air gapped computers being compromised by using their microphones? IIRC it was only a lab POC but still quite interesting.
Re: (Score:1)
Why is it interesting? It is fairly obvious. You can communicate information using many methods. Light. Sound. Electricity. Air. Water. Smoke. Do we need a report on all those?
User tracking ultrasound beacon (Score:3)
those reports from around a decade ago of air gapped computers being compromised by using their microphones?
It has been in production now to track users by marketeers for ads retargetting and is called an "ultrasound beacon" (Look at the "Cross-device tracking" here in this mozilla blog post [mozilla.org]).
(I also remember it being used for less nefarious purposes. I think Spotify can use to pair devices and help your own device realise when they are close to each other).
You can bet someone will find a creative use of "information leaked through brightness control" (e.g.: for when the sound beacon can't work)
Re: (Score:2)
And to think I used to joke about a two-cans-and-a-piece-of-string L1 network.
We were even going to try to build it with some old acoustic-coupler modems and amplifiers.
This is just video forensic watermarking! (Score:5, Informative)
It is rather low bandwidth... we just use it essentially for long serial numbers, to track down leakers... but it's completely reliable. And not new.
Re: This is just video forensic watermarking! (Score:2)
Whoa! If I had mods points... really interesting.
How would it get enforced? If you find a pirated movie on the internet then you can find which copy it originally was? Has it actually been used for enforcement?
Re: (Score:2)
I think this would be used for tracking down pre-release versions of films. i.e. the ones sent to specific reviewers or members of the academy for Oscar nominations and the like.
Re: (Score:2)
I think this is has nothing to do with watermarking. I got the impression that the data gathered was from other regions of the screen, not from the source video. Why would you be trying to steal data from a source you already had?
Re: (Score:2)
Very interesting comment!
I find that the current setup applies the fundamentals that you mention to a quite different system. Specifically, online adjusting of screen brightness to encode data (vs offline editing of a movie) in order to extract data from an air-gaped system. There is sufficient novelty to be commented, imho.
You could do that (Score:3)
Or you could find someone with access to that system and send him a letter with something along the lines "Hello. We know you have access to data we want. In unrelated news, we know where you, your wife and your kids live. We would love to have that data. About as much as you love your wife and kids."
Needs work on the wording, but you get the gist of it.
Re: (Score:1)
Or for the guys who don't have a wife or kid: "Here is $100".
Re: You could do that (Score:3)
Re: (Score:2)
Not likely. People with access to highly valuable classified material are usually watched. Not due to a lack of trust. but the biggest risk is just this sort of threat or blackmail.
Re: (Score:2)
You think state actors have any qualms of hiring hitmen, including the phrase "and if you squeal, we'll off them regardless"?
The fun bit about our technology is that it's become quite trivial to kill someone from far away if you are willing to take the risk of discovery.
Re: (Score:2)
and if you squeal
People who have this kind of protection don't have to squeal. Odds are pretty good that the CIA will intercept the threat on its way in. And all they'll know is when their security officer tells them that the problem was taken care of. The drone attack on the enemy's head of state intelligence might make the nightly news.
Nothing for YOU to see here (Score:1)
Unless of course YOU are a computer.
Or you can hook an VCR like device to an DVI/HDMI (Score:2)
Or you can hook an VCR like device to an DVI/HDMI splitter
Moot point? (Score:2)
A computer that handles material sensitive enough to need air gapping probably wouldn't be in a room with a window, but rather in a secured, interior room (at least, hopefully). So for someone to use this attack vector they would still need physical access to the room, and most likely would then have physical access to the computer as well.
Next... (Score:2)
The problem is the 'Academics' (Score:1)
keyboard led (Score:1)
Re: (Score:2)
Good (Score:2)
Next time I see someone messing with my monitor I'll know they're actually trying to hack me! ..........
Like IR port but with one-way screen to camera. (Score:2)
Why add the security click bait, it is cool even doing this with any computer. (for about 1 minute).
Gvernmint? (Score:2)
Some Discovered Side Channel Attacks (Score:2)
Shhhhh (Score:2)
Be vewwy vewwy quiet.
I'm putting up dot cameras ...
Old tech is the best tech (Score:2)
This attack is useless against my amber-on-black high-persistence-phosphor CRT VT220 terminal.
Or are y'all using them newfangled X Terminals ?
Re: (Score:2)
It made my old heart lol.
If only... (Score:2)
--If only there were some sort of hood we could place over the monitor - maybe we could put it all inside a Faraday cage and call it the "Cone of Silence"...