Researchers have successfully retrieved sensitive information from a computer without being connected to a network. How? ‘Or’ What ? By modifying the brightness of a screen to transmit texts or images subliminally.
Many companies and organizations use computers that are physically isolated from any network when they need to manage sensitive data or devices. This security measure, known as the air gap , thus prevents viruses or any hacking attempt. A team of researchers in Israel has discovered a method to transmit data from these devices, without the knowledge of the user.
The technique consists in modulating the screen brightness invisible to the human eye , in order to transmit information to a camera, such as files, images, passwords , etc. To work, this system still requires that three conditions are met: a camera must be placed so as to see the computer screen , the hacker must have successfully entered the local network in order to take control of the camera, and finally, a program must be installed on the target computer. This is this softwarewhich will display the data for the camera almost invisibly. It’s a bit like invisible ink, but on a computer screen.
An attack difficult to set up, but not impossible
If the meeting of these three criteria may seem improbable, a simple poorly connected object can serve as an entry point on the network to take control of other devices and therefore security cameras. In addition, even if physically isolated, a computer can be infected using a USB key . Then the intruder program, after collecting information from the computer, transmits the data through the camera undetectable to anyone on site, as shown in the video above.
With attacks that are becoming more and more sophisticated, this discovery must be taken into account on sensitive infrastructures. The simplest solution will, of course, be to place security cameras so as not to film the screens of computers containing sensitive data