Brightness: Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness

Mordechai Guri, Dima Bykhovsky, Yuval Elovici

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

7 Scopus citations

Abstract

Air-gapped computers are systems that are kept isolated from the Internet since they store or process sensitive information. In this paper, we introduce an optical covert channel in which an attacker can leak (or, exfiltlrate) sensitive information from air-gapped computers through manipulations on the screen brightness. This covert channel is invisible and it works even while the user is working on the computer. Malware on a compromised computer can obtain sensitive data (e.g., files, images, encryption keys and passwords), and modulate it within the screen brightness, invisible to users. The small changes in the brightness are invisible to humans but can be recovered from video streams taken by cameras such as a local security camera, smartphone camera or a webcam. We present related work and discuss the technical and scientific background of this covert channel. We examined the channel's boundaries under various parameters, with different types of computer and TV screens, and at several distances. We also tested different types of camera receivers to demonstrate the covert channel. Lastly, we present relevant countermeasures to this type of attack.

Original languageEnglish
Title of host publication2019 12th CMI Conference on Cybersecurity and Privacy, CMI 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781728128566
DOIs
StatePublished - 1 Nov 2019
Event12th CMI Conference on Cybersecurity and Privacy, CMI 2019 - Copenhagen, Denmark
Duration: 28 Nov 201929 Nov 2019

Publication series

Name2019 12th CMI Conference on Cybersecurity and Privacy, CMI 2019

Conference

Conference12th CMI Conference on Cybersecurity and Privacy, CMI 2019
Country/TerritoryDenmark
CityCopenhagen
Period28/11/1929/11/19

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Brightness: Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness'. Together they form a unique fingerprint.

Cite this