Air-gapped computers could be compromised through the novel PIXHELL side-channel attack that exploits acoustic signals generated by LCD screens to facilitate the exfiltration of sensitive data, reports The Hacker News.
Without the need for specialized audio equipment to conduct PIXHELL, threat actors could leverage social engineering and software supply chain attacks to distribute covert data exfiltration channel-triggering malware that would create an acoustic channel for the data, according to a study by Offensive-Defensive Cyber Research Lab Head Dr. Mordechai Guri. "When alternating current (AC) passes through the screen capacitors, they vibrate at specific frequencies. The acoustic emanates are generated by the internal electric part of the LCD screen. Its characteristics are affected by the actual bitmap, pattern, and intensity of pixels projected on the screen. By carefully controlling the pixel patterns shown on our screen, our technique generates certain acoustic waves at specific frequencies from LCD screens," said Guri, who also noted the possibility of off-hours attacks against the covert channels.
