Threat Intelligence

Novel PIXHELL attack could expose air-gapped computer data

An undocumented dropper uses a new technique of reading commands from Internet Information Services (IIS) logs to carry out intelligence gathering and deliver backdoors, according to Symantec. (Getty Images/tommaso79)

Air-gapped computers could be compromised through the novel PIXHELL side-channel attack that exploits acoustic signals generated by LCD screens to facilitate the exfiltration of sensitive data, reports The Hacker News.

Without the need for specialized audio equipment to conduct PIXHELL, threat actors could leverage social engineering and software supply chain attacks to distribute covert data exfiltration channel-triggering malware that would create an acoustic channel for the data, according to a study by Offensive-Defensive Cyber Research Lab Head Dr. Mordechai Guri. "When alternating current (AC) passes through the screen capacitors, they vibrate at specific frequencies. The acoustic emanates are generated by the internal electric part of the LCD screen. Its characteristics are affected by the actual bitmap, pattern, and intensity of pixels projected on the screen. By carefully controlling the pixel patterns shown on our screen, our technique generates certain acoustic waves at specific frequencies from LCD screens," said Guri, who also noted the possibility of off-hours attacks against the covert channels.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds