PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via `Singing Pixels'

Mordechai Guri
DOI: https://doi.org/10.1109/COMPSAC61105.2024.00134
2024-09-08
Abstract:Air-gapped systems are disconnected from the Internet and other networks because they contain or process sensitive data. However, it is known that attackers can use computer speakers to leak data via sound to circumvent the air-gap defense. To cope with this threat, when highly sensitive data is involved, the prohibition of loudspeakers or audio hardware might be enforced. This measure is known as an `audio gap'. In this paper, we present PIXHELL, a new type of covert channel attack allowing hackers to leak information via noise generated by the pixels on the screen. No audio hardware or loudspeakers is required. Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 - 22 kHz. The malicious code exploits the sound generated by coils and capacitors to control the frequencies emanating from the screen. Acoustic signals can encode and transmit sensitive information. We present the adversarial attack model, cover related work, and provide technical background. We discuss bitmap generation and correlated acoustic signals and provide implementation details on the modulation and demodulation process. We evaluated the covert channel on various screens and tested it with different types of information. We also discuss \textit{evasion and stealth} using low-brightness patterns that appear like black, turned-off screens. Finally, we propose a set of countermeasures. Our test shows that with a PIXHELL attack, textual and binary data can be exfiltrated from air-gapped, audio-gapped computers at a distance of 2m via sound modulated from LCD screens.
Cryptography and Security
What problem does this paper attempt to address?
### What problem does this paper attempt to solve? This paper aims to solve the problem of stealing sensitive information from air - gapped and audio - gapped computer systems. Specifically, the paper proposes a new covert - channel attack method - **PIXHELL attack**, which uses the pixels of the LCD screen to generate sounds of specific frequencies to transmit data without relying on traditional audio hardware or speakers. #### Background and Motivation 1. **Security of Air - Gap Networks** - Air - Gap networks protect sensitive information by means of physical isolation to prevent it from being threatened by external networks. However, despite such strict isolation measures, there is still a risk of being breached. 2. **Existing Covert - Channel Attacks** - Previous research has shown that attackers can use a computer's speakers or other audio devices to transmit data through sound or ultrasonic frequencies. To counter this threat, in highly sensitive environments, the use of audio hardware may be prohibited, creating what is known as an "audio - gapped" environment. 3. **Innovation Points of PIXHELL Attack** - In an audio - gapped environment, traditional speaker - based covert - channel attacks cannot be carried out. Therefore, researchers have developed the PIXHELL attack, which uses the electromagnetic noise generated by the internal components (such as coils and capacitors) of the LCD screen to transmit data. #### Main Contributions 1. **Covert - Channel without Audio Hardware** - A covert - channel attack method that does not rely on audio hardware, speakers or built - in speakers has been proposed. Instead, sound waves of specific frequencies are generated through the LCD screen. 2. **Transmission and Reception Mechanisms** - The modulation and demodulation algorithms at the transmitting end and the receiving end have been designed and implemented to ensure that data can be effectively transmitted between the infected computer and the receiving device. 3. **Concealment and Evading Detection** - A low - brightness pixel pattern is used, making the screen appear to be in a closed state during the attack, thus avoiding being detected. 4. **Multi - Screen Transmission and Screen - Splitting Technology** - The ability of multiple screens as transmitters has been evaluated, and how to increase the transmission rate through screen - splitting technology has been demonstrated. 5. **Discussion of Countermeasures** - Defensive measures against this new type of covert - channel attack have been proposed. #### Technical Principles - **Signal Generation** - By creating black - and - white stripe patterns on the screen and controlling the pixel display mode, sound waves of specific frequencies are generated. These sound waves can be captured and decoded by nearby microphones. - **Modulation Scheme** - Three basic modulation methods have been implemented: OOK (On - Off Keying), FSK (Frequency Shift Keying) and ASK (Amplitude Shift Keying) for encoding and transmitting binary data. - **Transmission Protocol** - It includes a preamble sequence, payload data and CRC check to ensure data integrity and accuracy. Through these technological innovations, the PIXHELL attack shows that even in a highly secure audio - gapped environment, attackers may still be able to steal sensitive information through non - traditional means. This provides new research directions and challenges in the field of information security.