BRIGHTNESS: Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness
This addresses a critical security vulnerability for organizations relying on air-gapped systems to protect sensitive data, representing a novel attack vector rather than an incremental improvement.
The paper tackles the problem of data exfiltration from air-gapped computers by introducing an optical covert channel that leaks sensitive information through invisible manipulations of screen brightness, achieving data transmission that can be captured by cameras at various distances.
Air-gapped computers are systems that are kept isolated from the Internet since they store or process sensitive information. In this paper, we introduce an optical covert channel in which an attacker can leak (or, exfiltlrate) sensitive information from air-gapped computers through manipulations on the screen brightness. This covert channel is invisible and it works even while the user is working on the computer. Malware on a compromised computer can obtain sensitive data (e.g., files, images, encryption keys and passwords), and modulate it within the screen brightness, invisible to users. The small changes in the brightness are invisible to humans but can be recovered from video streams taken by cameras such as a local security camera, smartphone camera or a webcam. We present related work and discuss the technical and scientific background of this covert channel. We examined the channel's boundaries under various parameters, with different types of computer and TV screens, and at several distances. We also tested different types of camera receivers to demonstrate the covert channel. Lastly, we present relevant countermeasures to this type of attack. Lastly, we present relevant countermeasures to this type of attack.