A newly discovered method of covert channel attack has the potential to breach air gaps in highly sensitive organizations. In the realm of industrial control systems security, the concept of an “air gap” has been a point of contention. Typically, an air gap refers to a complete physical separation between networks, ensuring that no Wi-Fi signals, wires, or other forms of communication can pass through. This security measure is commonly utilized by critical military, government, and industrial facilities to safeguard their networks from Internet-based cyber threats that could compromise state secrets and public safety.
However, any medium capable of transmitting data can be exploited to transmit malicious information. Mordechai Guri from Ben-Gurion University in Israel has been researching methods to breach air gaps using sound waves for quite some time. His latest attack scenario, known as “Pixhell,” leverages the sounds generated by rapidly shifting bitmap patterns on an LCD screen to steal data.
Pixhell operates by infecting or controlling at least one device on each side of an air gap. Since air gaps often connect critical networks with less critical ones, attackers may employ Internet-based tactics to breach the less secure side, while more sophisticated methods are required to infect the highly secure side. Once a device behind an air gap is compromised, the attacker can manipulate the pixels on the screen to generate specific frequencies that cause the screen’s components to vibrate and emit sound waves carrying encoded data to a receiving device on the other side of the air gap.
While LCD screens produce high-pitched frequencies that are inaudible to humans, they fall within the range that can be encoded and transmitted through speakers and microphones. In experiments, the Pixhell malware successfully transmitted data over distances of up to two and a half meters using this method.
Apart from acoustic attacks, there are numerous other creative ways to execute covert channel attacks. For example, Ethernet wiring can be repurposed as software-defined radio transmitters and receivers, and even LED lights on modems can inadvertently leak data transmissions. However, the most sensitive organizations, such as intelligence agencies, military installations, and power plants, have implemented advanced security measures to mitigate these risks.
For most organizations, a physical air gap is an effective defense against potential adversaries. However, the most high-security sites have implemented additional measures to prevent covert channel attacks. By isolating operational technology (OT) and information technology (IT) equipment in separate server rooms connected by unidirectional gateways, these organizations have minimized the risk of data leakage.
While some countermeasures, such as acoustic jammers, can thwart attacks like Pixhell, they may create too much noise to be practical in everyday work environments. As technology evolves, organizations must continuously assess and enhance their security practices to protect against emerging threats like covert channel attacks.
In conclusion, the threat of covert channel attacks underscores the importance of robust cybersecurity measures, especially in highly sensitive environments. By staying informed about the latest security risks and implementing best practices, organizations can safeguard their networks and data from malicious actors.
