New, Sly Cyberattack Leaks Secrets from LCD Screen Noise on Air-Gapped Computers
If you thought the recent RAMBO attack was straight out of a James Bond movie, wait until you hear about PIXHELL.
Cybersecurity researchers from Ben-Gurion University of the Negev in Israel, the same group that discovered RAMBO, recently reported on PIXHELL, a side-channel attack that can exfiltrate sensitive data via the frequencies emitted by the LCD screen.
Apparently you can force the display to emit a specific frequency in the range of 0-22 kHz. The signals sent out in this way can then be picked up by nearby devices like smartphones, decoded and read. So in theory you could steal passwords and other sensitive data that way.
Attacks on air-gapped systems
The attack is clearly a long shot, but with state-sponsored threat actors lurking around the corner, it’s not too hard to imagine spies using it. Since the upload speed is super slow (20 bits per second (bps)), you can expect to only be able to grab small files and bits of text. Additionally, the attacker would need to be relatively close to the vulnerable device (just a few feet) for the upload to succeed.
The researchers say this type of attack could be used against air-gapped systems, which are computers that are disconnected from networks and the wider internet to prevent unauthorized access. So even if a user inadvertently introduces malware (for example, via a compromised USB device), the malware would still have no way to exfiltrate the data because the computer is disconnected from the internet.
In those scenarios, cybercriminals and state-sponsored actors typically turn to side-channel attacks, where various physical or behavioral characteristics allow for indirect information leakage. Things like power consumption, timing information, electromagnetic emissions, or even sound can all be used to extract certain key data.
By analyzing these characteristics, attackers can infer secret information, such as encryption keys, without having to crack the encryption itself. Side-channel attacks are often passive, making them difficult to detect.
Via BleepingComputer