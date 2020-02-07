

The conventional wisdom in computer security holds that the most sensitive data should be kept only on “air-gapped” systems that have no network connection. No security measure is foolproof, though. Several methods for pulling data off air-gapped systems have been demonstrated before, and the newest one is particularly insidious: researchers at Ben Gurion University have developed a way to exfiltrate data from a computer through tiny changes in its display brightness.

Like earlier exfiltration techniques, the method presented by Ben Gurion University requires some groundwork. Fortunately, it does not rely on a software or hardware vulnerability that someone could simply exploit to steal data. Instead, an attacker needs access to the computer in order to install malware, or has to use social engineering to get someone with legitimate access to the air-gapped system to load the malware for them.

The malware developed by the team takes data from the secure system and encodes it as a binary stream. To exfiltrate that stream, a camera within line of sight of the screen is needed. By nudging the monitor’s RGB color values by a small amount, the malware transmits the ones and zeros visually, and the changes can be switched on and off as fast as the monitor refreshes. Someone sitting at the computer notices nothing wrong, yet the pattern slowly accumulates in a video feed. Even staring directly at the screen, nobody would pick out the “0” and “1” signals.

You can see the technique at work in the video above. The variations in the “exfiltrating” page are almost imperceptible, so nobody could hope to spot them without outside help. The elaborate setup is one weakness of this attack, and the throughput is another. Under ideal conditions the Ben Gurion University team extracted 5 bits per second from the air-gapped machine, about 60 times slower than an old-fashioned Bell 300 baud dial-up modem from the 1970s. That is enough to get text out of the system, but not much more.
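To make the channel model from the two preceding paragraphs and the throughput figure concrete, here is an added Python simulation; it is not the researchers' code. It models each frame by its mean luminance, encodes a bit as a tiny step above a base level, reads the frames back through a noisy "camera", and works out how long a block of text takes at 5 bits per second. It also includes a defender-side check: a framebuffer monitor that flags a sustained run of small, nonzero frame-to-frame luminance steps, which ordinary screen content rarely produces. The base level, step size, noise amplitude and the monitoring thresholds are all constructed assumptions.

```python
"""Simulation of a display-brightness covert channel plus a simple monitor.

Added illustration; not the Ben Gurion researchers' code. Every numeric
setting below (base level, step, noise, thresholds) is a constructed assumption.
"""
import random
from typing import List

BASE_LEVEL = 180   # assumed mean luminance (0-255) of the normal screen content
DELTA = 3          # assumed tiny step added to signal a "1" (invisible to a viewer)
NOISE = 0.5        # assumed camera sensor noise amplitude, well below DELTA / 2


def text_to_bits(text: str) -> List[int]:
    """ASCII text -> list of bits, most significant bit first, one byte per char."""
    return [(byte >> i) & 1 for byte in text.encode("ascii") for i in range(7, -1, -1)]


def bits_to_text(bits: List[int]) -> str:
    """Inverse of text_to_bits; trailing partial bytes are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        out.append(int("".join(str(b) for b in bits[i:i + 8]), 2))
    return out.decode("ascii")


def modulate(bits: List[int], base: int = BASE_LEVEL, delta: int = DELTA) -> List[int]:
    """Channel model: one frame per bit; its mean luminance is base for a 0
    and base + delta for a 1. To a person the screen looks constant."""
    return [base + delta * b for b in bits]


def observe(frames: List[int], noise: float = NOISE, seed: int = 1) -> List[float]:
    """Camera model: each frame's luminance is read back with uniform noise.
    The seed makes the simulation reproducible."""
    rng = random.Random(seed)
    return [f + rng.uniform(-noise, noise) for f in frames]


def demodulate(readings: List[float], base: int = BASE_LEVEL, delta: int = DELTA) -> List[int]:
    """Receiver: threshold halfway between the two luminance levels."""
    threshold = base + delta / 2
    return [1 if r > threshold else 0 for r in readings]


def exfil_seconds(n_chars: int, bits_per_second: float = 5) -> float:
    """Seconds needed to push n ASCII characters at the article's 5 bit/s rate."""
    return n_chars * 8 / bits_per_second


def suspicious_modulation(readings: List[float], min_step: float = 1.0,
                          max_step: float = 8.0, min_fraction: float = 0.3) -> bool:
    """Assumed defender heuristic: normal content changes either not at all
    (noise only) or by large jumps (new window, scrolling). A large share of
    small but nonzero steps between consecutive frames is unusual and is
    flagged for investigation."""
    if len(readings) < 2:
        return False
    steps = [abs(b - a) for a, b in zip(readings, readings[1:])]
    small = sum(1 for s in steps if min_step <= s <= max_step)
    return small / len(steps) >= min_fraction


if __name__ == "__main__":
    # Constructed sample: a two-character message through the simulated channel.
    frames = modulate(text_to_bits("hi"))
    readings = observe(frames)
    print("recovered:", bits_to_text(demodulate(readings)))
    print("1 KiB of text at 5 bit/s takes %.1f s" % exfil_seconds(1024))
    print("monitor flags channel:", suspicious_modulation(readings))
    print("monitor flags static screen:", suspicious_modulation(observe([BASE_LEVEL] * 16)))
```

Because the assumed camera noise (±0.5) stays below half the step (1.5), the receiver recovers the bits without error; raising `NOISE` above `DELTA / 2` shows the channel falling apart, which is why a real receiver needs the camera close to and steadily aimed at the screen. The monitor separates the channel from a static screen and from a large, legitimate content change, but a heuristic this simple would need tuning against real framebuffer captures before being relied on.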

This is not something to worry about for most people – there are far easier ways to steal data from devices that are connected to the Internet, and this approach requires a lot of setup and planning to steal just a few bits of data. Still, for people running high-security facilities, it is one more thing to keep in mind.

