Brightness: Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness

Guri, Mordechai; Bykhovsky, Dima; Elovici, Yuval

doi:10.1109/cmi48017.2019.8962137

Cited by 28 publications

(13 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In recent years, sound waves, magnetic fields, and heat emissions have also been proposed as covert channels. At the optical domain, leaking information via the keyboard LEDs, hard drive LEDs, and screen power brightness [21] was also proposed. In these methods, binary data is encoded over the activities of the LEDs…”

Section: B Leaking Information From Air-gapped Facilitiesmentioning

confidence: 99%

ETHERLED: Sending Covert Morse Signals from Air-Gapped Devices via Network Card (NIC) LEDs

Guri

2022

2022 IEEE International Conference on Cyber Security and Resilience (CSR)

Self Cite

View full text Add to dashboard Cite

Highly secure devices are often isolated from the Internet or other public networks due to the confidential information they process. This level of isolation is referred to as an 'air-gap .' In this paper, we present a new technique named ETHERLED, allowing attackers to leak data from air-gapped networked devices such as PCs, printers, network cameras, embedded controllers, and servers. Networked devices have an integrated network interface controller (NIC) that includes status and activity indicator LEDs. We show that malware installed on the device can control the status LEDs by blinking and alternating colors, using documented methods or undocumented firmware commands. Information can be encoded via simple encoding such as Morse code and modulated over these optical signals.An attacker can intercept and decode these signals from tens to hundreds of meters away. We show an evaluation and discuss defensive and preventive countermeasures for this exfiltration attack.

show abstract

Section: B Leaking Information From Air-gapped Facilitiesmentioning

confidence: 99%

ETHERLED: Sending Covert Morse Signals from Air-Gapped Devices via Network Card (NIC) LEDs

Guri

2022

2022 IEEE International Conference on Cyber Security and Resilience (CSR)

Self Cite

View full text Add to dashboard Cite

show abstract

“…The hard disk drive (HDD) LEDs [45], router and switch LEDs [44], and security cameras and their IR LEDs [27], also proposed as methods for exfiltrating data from air-gapped networks. Researchers also showed how to exfiltrate data from air-gapped computers via screen brightness [28], and hidden images projected on the screen [31]. BitWhisper is a unique covert channel based on the thermal medium [37].…”

Section: Related Workmentioning

confidence: 99%

GAIROSCOPE: Leaking Data from Air-Gapped Computers to Nearby Smartphones using Speakers-to-Gyro Communication

Guri

2021

2021 18th International Conference on Privacy, Security and Trust (PST)

Self Cite

View full text Add to dashboard Cite

It is known that malware can leak data from isolated, air-gapped computers to nearby smartphones using ultrasonic waves. However, this covert channel requires access to the smartphone's microphone, which is highly protected in Android OS and iOS, and might be non-accessible, disabled, or blocked.In this paper we present 'GAIROSCOPE,' an ultrasonic covert channel that doesn't require a microphone on the receiving side. Our malware generates ultrasonic tones in the resonance frequencies of the MEMS gyroscope. These inaudible frequencies produce tiny mechanical oscillations within the smartphone's gyroscope, which can be demodulated into binary information. Notably, the gyroscope in smartphones is considered to be a 'safe' sensor that can be used legitimately from mobile apps and javascript. We introduce the adversarial attack model and present related work. We provide the relevant technical background and show the design and implementation of GAIROSCOPE. We present the evaluation results and discuss a set of countermeasures to this threat. Our experiments show that attackers can exfiltrate sensitive information from air-gapped computers to smartphones located a few meters away via Speakers-to-Gyroscope covert channel.

show abstract

“…Reducing network activity in this way can greatly minimize the threat surface of sensitive genetic information. Separating networks and devices from other networks, or air gapping, while using hard drives is possible, but even air-gapped systems have been shown to be vulnerable to compromise (Guri, 2020;Guri et al, 2019). Sequencing devices are still required to be connected to the Internet for maintenance and are often connected between offline operations.…”

Section: Storage and Compute Infrastructurementioning

confidence: 99%

Genetic information insecurity as state of the art

Schumacher

Sawaya²,

Nelson³

et al. 2020

Preprint

View full text Add to dashboard Cite

Genetic information is being generated at an increasingly rapid pace, offering advances in science and medicine that are paralleled only by the threats and risk present within the responsible ecosystem. Human genetic information is identifiable and contains sensitive information, but genetic data security is only recently gaining attention. Genetic data is generated in an evolving and distributed cyber-physical ecosystem, with multiple systems that handle data and multiple partners that utilize the data. This paper defines security classifications of genetic information and discusses the threats, vulnerabilities, and risk found throughout the entire genetic information ecosystem. Laboratory security was found to be especially challenging, primarily due to devices and protocols that were not designed with security in mind. Likewise, other industry standards and best practices threaten the security of the ecosystem. A breach or exposure anywhere in the ecosystem can compromise sensitive information. Extensive development will be required to realize the potential of this emerging field while protecting the bioeconomy and all of its stakeholders.

show abstract

Brightness: Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness

Cited by 28 publications

References 33 publications

ETHERLED: Sending Covert Morse Signals from Air-Gapped Devices via Network Card (NIC) LEDs

ETHERLED: Sending Covert Morse Signals from Air-Gapped Devices via Network Card (NIC) LEDs

GAIROSCOPE: Leaking Data from Air-Gapped Computers to Nearby Smartphones using Speakers-to-Gyro Communication

Genetic information insecurity as state of the art

Contact Info

Product

Resources

About