Researchers have discovered a clever new technique to siphon data off of a computer by tinkering with the monitor’s brightness. All the hacker needs to do is insert a malicious USB onto the computer and monitor the screen through a nearby hacked camera.
The way it works is that the malicious USB intercepts the LCD’s RGB values and tinkers with it in a way that is only visible through a special camera filter and is invisible to the naked eye. This can easily be used to transmit important data off a high profile computer in an intelligence agency.
Note that the method also works on monitors that are “air-gapped”, which is a security measure where the computer network is isolated from unsecured or public networks such as the internet.
The researchers said:
This covert channel is invisible, and it works even while the user is working on the computer. Malware on a compromised computer can obtain sensitive data (e.g., files, images, encryption keys, and passwords), and modulate it within the screen brightness, invisible to users.
The video below demonstrates how this technique works.
ARVE Error: src mismatchprovider: youtube
url: https://youtu.be/ZrkZUO2g4DE
src in org: https://www.youtube-nocookie.com/embed/ZrkZUO2g4DE?feature=oembed&modestbranding=0&showinfo=0&rel=0&autoplay=1
src in mod: https://www.youtube-nocookie.com/embed/ZrkZUO2g4DE?modestbranding=0&showinfo=0&rel=0&autoplay=1
src gen org: https://www.youtube-nocookie.com/embed/ZrkZUO2g4DE
Although this method is unlikely to be used in domestic environments, it could pose a serious threat in offices and other work environments where there is an abundance of CCTV cameras.
