Pixhell Attack: Leaking Info from Air-Gap Computers via 'Singing Pixels'
The PIXHELL attack enables data leakage from air-gapped computers by using screen-generated sound, transmitting sensitive information over 2 meters while employing evasion techniques and suggesting countermeasures for protection.
Read original article
The PIXHELL attack, presented by Mordechai Guri, reveals a new method for leaking sensitive information from air-gapped computers without the need for audio hardware. Traditionally, air-gapped systems are isolated from networks to protect sensitive data, but attackers can exploit sound from speakers to exfiltrate information. The PIXHELL attack circumvents this by using the noise generated by the pixels on a screen, allowing malware to create specific pixel patterns that emit sound frequencies between 0 and 22 kHz. This method utilizes the electromagnetic noise produced by the screen's components, enabling the transmission of sensitive data over distances of up to 2 meters. The paper discusses the attack model, technical background, and implementation details, including bitmap generation and the modulation/demodulation process. It also addresses evasion techniques, such as using low-brightness patterns that resemble turned-off screens, and proposes countermeasures to mitigate this threat. The findings highlight the vulnerabilities of air-gapped and audio-gapped systems, emphasizing the need for enhanced security measures.
- The PIXHELL attack leaks data from air-gapped computers using screen-generated sound.
- It operates without audio hardware, exploiting electromagnetic noise from screen components.
- Sensitive information can be transmitted over distances of up to 2 meters.
- The attack employs low-brightness patterns to evade detection.
- Countermeasures are proposed to protect against this type of data exfiltration.
Related
Hackers can wirelessly watch your screen via HDMI radiation
Researchers in Uruguay developed "Deep-TEMPEST," a technique using AI to wirelessly intercept HDMI video signals via electromagnetic radiation, raising security concerns for sensitive data protection against potential espionage.
Deep-Tempest: Using Deep Learning to Eavesdrop on HDMI
The paper "Deep-TEMPEST" explores eavesdropping on HDMI signals via deep learning, improving text recognition accuracy significantly. It offers an open-source solution and discusses countermeasures against such eavesdropping techniques.
Make Your Electronics Tamper-Evident
AnarSec's article outlines methods to enhance electronic device security against tampering, including tamper-evident screws, transparent storage solutions, and secure operating systems like Qubes OS and Tails.
Open source laser microphone picks up laptop keystrokes
Samy Kamkar developed a laser-based technique to capture keystrokes and audio from a distance, demonstrating vulnerabilities in privacy and suggesting countermeasures like double-paned glass to mitigate surveillance threats.
Missing Salamanders: Matrix Media can be decrypted to multiple valid plaintexts
A security vulnerability in the Matrix protocol allows attackers to decrypt media files due to lack of authenticated encryption, improper key association, and ambiguous specifications, compromising encrypted media security.
7 commentsAlso, undiscussed mitigation techniques[2] relevant to this general class of nuisance that circuit designers may find of value.
At that point, in the kind of situation where someone is actively trying to exfiltrate data, couldn't they point their phone camera at a screen?
Like, maybe there are scenarios where the exit device is compromised without the wearer knowing, or the spy wants to remain discrete, but they seem a bit niche.
Much the same way that people have used them to make music.
https://www.theverge.com/24034551/floppy-disk-music-scene-un...
This is really just publication spam.
Related
Hackers can wirelessly watch your screen via HDMI radiation
Researchers in Uruguay developed "Deep-TEMPEST," a technique using AI to wirelessly intercept HDMI video signals via electromagnetic radiation, raising security concerns for sensitive data protection against potential espionage.
Deep-Tempest: Using Deep Learning to Eavesdrop on HDMI
The paper "Deep-TEMPEST" explores eavesdropping on HDMI signals via deep learning, improving text recognition accuracy significantly. It offers an open-source solution and discusses countermeasures against such eavesdropping techniques.
Make Your Electronics Tamper-Evident
AnarSec's article outlines methods to enhance electronic device security against tampering, including tamper-evident screws, transparent storage solutions, and secure operating systems like Qubes OS and Tails.
Open source laser microphone picks up laptop keystrokes
Samy Kamkar developed a laser-based technique to capture keystrokes and audio from a distance, demonstrating vulnerabilities in privacy and suggesting countermeasures like double-paned glass to mitigate surveillance threats.
Missing Salamanders: Matrix Media can be decrypted to multiple valid plaintexts
A security vulnerability in the Matrix protocol allows attackers to decrypt media files due to lack of authenticated encryption, improper key association, and ambiguous specifications, compromising encrypted media security.