The normal way to steal data from a compromised computer is to retrieve it over a network. If that computer isn’t connected to one, it gets a little trickier.
Researchers at Ben-Gurion University of the Negev have made a name for themselves figuring out how to get data out of air-gapped computers. They’ve dreamed up ways to communicate using speakers, blinking LEDs in PCs, infrared lights in surveillance cameras, and even computer fans.
Now, they’ve figured out a way to retrieve data from a disconnected computer by altering its LCD display’s pixel density just enough for a nearby camera to pick it up.
In a paper published this month, the researchers describe what they call an “optical covert channel” which cameras can detect, but which users cannot. They use one of the three colours in LCD pixels which normally combine to give the pixel a range of hues.
Their technique adjusts the red colour component in pixels on the screen by 3%, which is apparently not enough for users to notice. A camera located six metres from the 19-inch screen was nevertheless able to detect the difference.
Optical exfiltration techniques have cropped up before, they explain, but most of them have been easily detectable by users. Conversely, an attacker could theoretically use this one even while a user was working at the compromised machine.
We say “theoretically” because in practice there are a lot of challenges involved in this attack. The first is that the computer has to be compromised in the first place, which means getting to its physical location. Then, you could infect it with a USB stick, but if you’ve reached that point, presumably you could just copy the data to the stick.