Researchers have devised a new strategy to target air-gapped systems. Dubbed BRIGHTNESS, the attack method exploits the screen brightness settings in air-gapped systems to pilfer sensitive data.
BRIGHTNESS Attack Exploits Screen Brightness
Researchers from the Ben-Gurion University of the Negev, Israel, have shared a new attack method that allows stealing sensitive data. Named ‘BRIGHTNESS’, the attack targets air-gapped systems by exploiting the LCD screen brightness.
Air-gapped systems are isolated from the internet because they store sensitive or confidential information. Such systems usually exist on enterprise networks or in government setups. Owing to their isolation, successfully hacking such systems without physical access remains challenging. However, BRIGHTNESS takes a different approach.
While the details of the study are available in their research paper, here we provide a brief overview of the concept.
As revealed, a potential attacker may manipulate the screen brightness of air-gapped systems to steal data. The attack predominantly involves two main tasks: contaminating the target network using the capabilities of a modern APT, and exploiting a camera (even a surveillance camera) to take pictures of the target system’s display.
Upon successful exploitation, an adversary can execute the malware to steal data from the target air-gapped system. For this, the malware manipulates the screen brightness and relays a 0/1 binary pattern to transmit one file at a time. Recording the screen of the infected computer via the camera and subsequently analyzing the video then allows the attacker to reconstruct the stolen file.
While the human eye cannot detect these subtle changes in the screen brightness, a camera lens can. Thus, the attack continues covertly on the system while escaping human detection. The researchers tested a security camera (Sony SNC-DH120 IPELA Minidome 720P HD), a webcam (Microsoft Lifecam Studio), and a smartphone (Samsung Galaxy S7) at various distances and transmission speeds (bps).
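From the defender's side, the same property (a faint but clean two-level brightness pattern that a camera can pick up) can be checked for in a recording of a sensitive display. The following Python sketch is an added example, not code from the researchers or their paper; the per-frame luminance input, all thresholds and every function name are assumptions made for illustration.

```python
from statistics import fmean, pstdev

def split_two_levels(samples, rounds=20):
    """1-D 2-means. Returns (low_mean, high_mean, labels), or None if flat."""
    lo, hi = min(samples), max(samples)
    if hi == lo:
        return None
    for _ in range(rounds):
        mid = (lo + hi) / 2
        lo = fmean([s for s in samples if s <= mid])
        hi = fmean([s for s in samples if s > mid])
    mid = (lo + hi) / 2
    return lo, hi, [int(s > mid) for s in samples]

def run_lengths(labels):
    """Lengths of consecutive runs of identical labels."""
    runs = [1]
    for prev, cur in zip(labels, labels[1:]):
        if cur == prev:
            runs[-1] += 1
        else:
            runs.append(1)
    return runs

def looks_modulated(samples, min_ratio=5.0, max_depth=0.10,
                    min_run=3, min_transitions=4):
    """True if per-frame brightness shows a subtle, clean two-level pattern.
    All thresholds are assumptions chosen for this example."""
    split = split_two_levels(samples)
    if split is None:
        return False
    lo, hi, labels = split
    noise = pstdev([s - (hi if b else lo) for s, b in zip(samples, labels)]) or 1e-9
    runs = run_lengths(labels)
    interior = runs[1:-1]  # edge runs may be cut short by the capture window
    return ((hi - lo) / noise >= min_ratio               # two levels, not sensor noise
            and (hi - lo) / fmean(samples) <= max_depth  # subtle, unlike a window opening
            and len(runs) - 1 >= min_transitions         # the level keeps switching
            and bool(interior) and min(interior) >= min_run)  # each level held for frames

def constructed_traces():
    """Constructed per-frame mean luminance (0-255); not measured data."""
    jitter = [0.2, -0.1, 0.0, 0.1, -0.2]
    bits = [1, 0, 1, 1, 0, 0, 1, 0]
    levels = [123.0 if b else 120.0 for b in bits for _ in range(6)]
    modulated = [v + jitter[i % 5] for i, v in enumerate(levels)]
    steady = [121.5 + jitter[i % 5] for i in range(48)]
    window_opened = [(120.0 if i < 24 else 180.0) + jitter[i % 5] for i in range(48)]
    return modulated, steady, window_opened

if __name__ == "__main__":
    for name, trace in zip(("modulated", "steady", "window_opened"), constructed_traces()):
        print(name, looks_modulated(trace))
```

Only the constructed trace with a small, repeated two-level switch is flagged; a steady screen and a single large jump (such as a window opening) are not.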
The following video demonstrates an attack scenario.
Perhaps not so dangerous?
Despite being unusual and potentially threatening, the BRIGHTNESS attack has many limitations. First, the probability of this attack on general systems is very low due to the sophistication of the attack setup. Second, the maximum transmission speed recorded by the researchers is 5-10 bps, which is still very low for extracting large volumes of data.
However, one can still exploit this attack for short-term yet dangerous data exfiltration, such as stealing encryption keys.
Furthermore, users can easily mitigate the BRIGHTNESS attack by using polarized film on the systems’ screens. This will darken the display when viewed through a camera, thus minimizing the chances of recording screen brightness fluctuations.