- Air-gapped PCs, once thought secure, are now vulnerable to pixel-induced acoustic attacks.
- The PIXHELL attack uses pixel patterns to generate sound that leaks sensitive information.
- Hackers can exfiltrate data up to 2 meters away using nearby devices like smartphones.
Air-gapped PCs—fortress-like systems that are physically isolated from the internet—were thought to be the pinnacle of security.
Guess what? Hackers have just discovered a way to turn them into personal music players.
The new attack, known as “PIXHELL,” allows cybercriminals to eavesdrop on the noise emanating from a PC’s screen in order to steal sensitive information.
It’s as if your computer monitor has decided to start spilling secrets to the nearest eavesdropper.
Researchers at Israel’s Ben-Gurion University of the Negev discovered this sneaky attack method.
Their findings show that by exploiting the internal components of an LCD screen, such as coils and capacitors, hackers can generate acoustic signals ranging from 0 to 22kHz.
These signals can encrypt and transmit sensitive data, effectively transforming an air-gapped PC’s screen into a covert transmitter.
What is the best part (for hackers)? This can be accomplished without the use of speakers or audio hardware.
This is how it goes: The attack begins with traditional hacking methods, such as physical access, USB drives, or even a phishing attack.
Once the hackers have installed their malware on the target system, they begin collecting sensitive information.
The malware then cleverly converts this data into an acoustic signal by displaying specific pixel patterns on the screen.
These patterns cause the internal components of the screen to vibrate, producing a sound that can be detected by nearby devices such as smartphones or laptops.
Subscribe to our newsletter
In real-world experiments, PIXHELL was able to extract data from a PC located up to 2 meters away.
That’s close enough for a hacker to just stand outside a secure room with their phone and listen in on your screen’s “song.”
To make matters even more devious, the attack includes a concealment technique that alters the screen’s brightness and pixel color values.
For example, they set the RGB values so low that the screen appears black to the naked eye, concealing the fact that it is leaking data.
While this attack may sound like something out of a spy thriller, it should be taken seriously.
If air-gapped PCs can be compromised via something as seemingly innocuous as their screens, what other “secure” systems will be next?