Yes! It sounds almost supernatural, and strangely repulsive, that hackers have found another weird way of stealing people's personal details through their own computers without sending malicious links or software to that system.
Researchers from Ben-Gurion University of the Negev have worked through the whole process of stealing data by tweaking a monitor's brightness by 3%. They explained that air-gapped systems can easily be made to give up their data and, most importantly, that the whole process can go entirely unnoticed by naive users or those with little technical knowledge of hacking and cybercriminals' tricks.
Air-gapped computers are desktop computers, normally more powerful than a typical PC and often dedicated to a special task such as graphics, which is why they are kept apart from services such as internet connections to protect them from malicious activity that could disrupt their work.
The researchers presented an optical covert channel in which sensitive data is surreptitiously modulated onto the brightness of the LCD monitor, in a way that is beyond what users can see.
The method also works while a user is working at the system.
The attack model has the following phases:
- In the first phase, the researchers infected the target system with malware (an advanced persistent threat, APT).
- The data to be concealed in the display is encoded as a byte stream. The researchers assigned a value of “1” to one level of screen brightness and “0” to another level of brightness.
- Changing the screen brightness quickly then yields a series of bits on the monitor.
- In the last stage of the attack, a camera that can record video of the target computer's display is mounted.
The study found that the method works well even if each pixel’s red colour is modified by only 3%. Such an insignificant shift in brightness may be imperceptible to the naked human eye, but a camera can catch it.
Fortunately, this attack has two prerequisites that are difficult to achieve, which keeps it out of the hands of average-Joe cybercriminals. First, the malware needs to be physically placed on the air-gapped target computer, and second, the hacker needs to find a way to surreptitiously compromise the security cameras or webcams near the target PC to capture the modulated information.
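A defender-side check for the two-level brightness keying described in the phases above, added here as an example and not taken from the researchers' work. It assumes per-frame mean red-channel values (0-255) have already been extracted from footage of the monitored screen; the function name, thresholds and sample series are constructed for illustration.

```python
from statistics import fmean, pstdev

def detect_brightness_keying(red_means, min_depth=0.01, max_depth=0.06,
                             min_transitions=6):
    """Flag rapid toggling between two close brightness levels.

    Thresholds are assumptions for this example, chosen around the 3% figure.
    """
    c0, c1 = min(red_means), max(red_means)
    if c0 == c1:
        return {"suspicious": False, "depth": 0.0, "transitions": 0}
    for _ in range(10):  # 1-D two-means: settle on a low and a high level
        labels = [int(abs(v - c1) < abs(v - c0)) for v in red_means]
        low = [v for v, lab in zip(red_means, labels) if lab == 0]
        high = [v for v, lab in zip(red_means, labels) if lab == 1]
        c0, c1 = fmean(low), fmean(high)
    depth = (c1 - c0) / c1                      # relative modulation depth
    noise = max(pstdev(low), pstdev(high))      # spread inside each level
    transitions = sum(a != b for a, b in zip(labels, labels[1:]))
    suspicious = (
        (c1 - c0) > 4 * noise                   # two distinct levels, not noise
        and min_depth <= depth <= max_depth     # small shift, near the 3% case
        and transitions >= min_transitions      # toggles repeatedly, not once
    )
    return {"suspicious": suspicious, "depth": depth, "transitions": transitions}

def jitter(i):
    """Deterministic stand-in for camera noise, within +/-0.2 (constructed)."""
    return ((i * 7) % 5 - 2) * 0.1

# Constructed sample series, three frames per symbol.
BITS = [1, 0, 1, 1, 0, 0, 1, 0, 1, 0]
KEYED = [(200 if b else 194) + jitter(3 * k + j)
         for k, b in enumerate(BITS) for j in range(3)]
STEADY = [200 + jitter(i) for i in range(30)]            # idle screen
ONE_DIM = ([200 + jitter(i) for i in range(15)]          # user dims once
           + [194 + jitter(i) for i in range(15)])

if __name__ == "__main__":
    for name, series in (("keyed", KEYED), ("steady", STEADY), ("one_dim", ONE_DIM)):
        print(name, detect_brightness_keying(series))
```

The check reports only whether a series looks keyed and how deep the shift is; a single legitimate brightness change or ordinary sensor noise does not trip it.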