Skip to main content

Cyberattack Changes Monitor Brightness to Share Data Stolen From Air-Gapped PCs

(Image credit: Shutterstock)

In a research paper published Tuesday and spotted by The Hacker News, researchers from the Ben Gurion University in Israel demonstrated a way to exfiltrate data from air-gapped systems by changing monitor brightness levels in ways that are imperceptible to the human eye. 

Organizations typically use air-gapped systems, which aren't connected to the Internet or any other devices, to store their most sensitive information. Finding ways to compromise those systems and gain access to that private data would be a lucrative endeavor for cybercriminals.

Ben Gurion University's Mordechai Guri, who leads the university's cybersecurity research center, and his team found a new way to extract data from compromised air-gapped systems. (They left the actual infection of those systems to others.)

The tactic uses malware to collect information from target systems, encode it to binary and then communicate it via changes to monitor brightness levels. That way attackers could simply monitor the, well, monitor to access the data they desired.

But wouldn't someone notice their display changing brightness right before their eyes? No, the researchers explained. 

"In LCD screens each pixel presents a combination of RGB colors which produce the required compound color. In the proposed modulation, the RGB color component of each pixel is slightly changed. [...] These changes are invisible, since they are relatively small, and occur fast, up to the screen refresh rate. Moreover, the overall color change of the image on the screen is invisible to the user," the paper says.

This method, however, doesn't eliminate many of the obstacles associated with accessing data from air-gapped systems. The researchers didn't explain how to infect those systems, for example, or how someone might covertly set up the equipment needed to witness these nigh-imperceptible changes in monitor brightness.