Data Security

New TrojPix technique uses screen pixels to exfiltrate data from air-gapped computers

Cyber Threats Pictured: Neon Green Hacker's Skull & Crossbones on Binary Background

Per The Hacker News, researchers have developed a novel method called TrojPix that can extract data from air-gapped computers by subtly manipulating on-screen pixels to emit radio signals.

The TrojPix technique, developed by Shandong University researchers, exploits the video cable to radiate faint radio signals that can be captured by a nearby receiver. This method requires malware to be present on the target machine, acting as an exfiltration channel rather than an entry point. In tests, TrojPix achieved a peak throughput of 8.1 Mbps, significantly faster than previous air-gap covert channels, enabling the transfer of large files in minutes. The technique does not require administrator rights or hardware modifications, with user-level malware capable of drawing to the screen being sufficient. It can operate by faking a powered-off display or by embedding signals within ordinary on-screen content. The method has been demonstrated across multiple monitor brands and video cables.

While previous research has explored similar electromagnetic emanations, TrojPix offers a substantially higher data transfer rate. Unlike air-gap attacks seen in the wild, which often use USB drives, TrojPix leverages radio signals. Countermeasures include using fiber-optic video links, shielding sensitive areas, and, most importantly, preventing malware infection in the first place.

Source: The Hacker News

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds