Techly NewsGet the app

Get the latest tech news

Pixhell Attack: Leaking Info from Air-Gap Computers via 'Singing Pixels'


Air-gapped systems are disconnected from the Internet and other networks because they contain or process sensitive data. However, it is known that attackers can use computer speakers to leak data via sound to circumvent the air-gap defense. To cope with this threat, when highly sensitive data is involved, the prohibition of loudspeakers or audio hardware might be enforced. This measure is known as an `audio gap'. In this paper, we present PIXHELL, a new type of covert channel attack allowing hackers to leak information via noise generated by the pixels on the screen. No audio hardware or loudspeakers is required. Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 - 22 kHz. The malicious code exploits the sound generated by coils and capacitors to control the frequencies emanating from the screen. Acoustic signals can encode and transmit sensitive information. We present the adversarial attack model, cover related work, and provide technical background. We discuss bitmap generation and correlated acoustic signals and provide implementation details on the modulation and demodulation process. We evaluated the covert channel on various screens and tested it with different types of information. We also discuss \textit{evasion and stealth} using low-brightness patterns that appear like black, turned-off screens. Finally, we propose a set of countermeasures. Our test shows that with a PIXHELL attack, textual and binary data can be exfiltrated from air-gapped, audio-gapped computers at a distance of 2m via sound modulated from LCD screens.

View a PDF of the paper titled PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via `Singing Pixels', by Mordechai Guri In this paper, we present PIXHELL, a new type of covert channel attack allowing hackers to leak information via noise generated by the pixels on the screen. Our test shows that with a PIXHELL attack, textual and binary data can be exfiltrated from air-gapped, audio-gapped computers at a distance of 2m via sound modulated from LCD screens.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of info

info

Photo of pixhell attack

pixhell attack

Photo of gap computers

gap computers

Related news:

News photo

Avis alerts nearly 300K car renters that crooks stole their info

News photo

The DOJ wants info on Google’s AI strategy to bust up its search monopoly

News photo

You had one job – and four US regulators will share info to check a merger didn't unfairly end it

« Bumble to leverage AI to help users with profile creation and conversations
The real power of Apple Intelligence will show up in third-party apps »