Researchers have uncovered a new side-channel attack technique, dubbed “PIXHELL,” that targets air-gapped systems by exploiting the “audio gap.” This attack uses the noise generated by the pixels on a screen to exfiltrate sensitive data.
According to Dr. Mordechai Guri, head of the Offensive Cyber Research Lab at Ben Gurion University of the Negev, malware on an air-gapped or audio-gapped computer can create specific pixel patterns on the screen. These patterns generate noise within the frequency range of 0–22 kHz. The malicious code then manipulates the sound produced by the screen’s coils and capacitors to transmit data via acoustic signals.
What makes PIXHELL particularly concerning is that it doesn’t require any special audio hardware, such as speakers or microphones. Instead, the attack relies solely on the LCD screen to generate the necessary acoustic signals.
Air-gapped systems are typically used in high-security environments, where physically isolating them from external networks is meant to prevent unauthorized access. However, PIXHELL shows how even these systems can be vulnerable to sophisticated attacks. The isolation can be bypassed through various means, including rogue insiders or compromised hardware and software supply chains. In some cases, an infected USB device or social engineering tactics could be employed to introduce malware into the air-gapped system.
As Dr. Guri noted, attackers might use methods like phishing or supply chain attacks to introduce vulnerabilities into the system. The PIXHELL attack mirrors previous research, such as the RAMBO attack, where malware creates an acoustic channel for data transmission from audio-gapped computers.
The attack leverages the fact that LCD screens contain inductors and capacitors, which vibrate and emit audible noise when electricity passes through them—a phenomenon known as coil whine. By carefully controlling the pixel patterns displayed on the screen, the malware can modulate these vibrations to encode data into acoustic signals.
Once the data is encoded, it can be transmitted to a nearby device, such as a Windows or Android system, which demodulates the signals and retrieves the exfiltrated information. The effectiveness of this attack depends on several factors, including the screen’s internal components and the specific pixel patterns being used.
Although PIXHELL’s use of visible bitmap patterns makes it detectable to an observant user, attackers could launch the attack during off-hours or reduce the pixel colors to make the screen appear black, lowering the chances of detection. However, this also reduces the quality of the transmitted signal, making it a trade-off for stealth.
Dr. Guri’s team has previously explored similar attacks, using sounds generated by various computer components such as fans, hard drives, and power supplies to breach air-gapped systems.
To mitigate this type of attack, experts recommend using acoustic jammers, monitoring audio frequencies for unusual signals, restricting physical access to authorized personnel, banning smartphones, and employing external cameras to detect unusual screen activity. These countermeasures can help defend against the increasingly sophisticated methods of covert data exfiltration, such as PIXHELL.
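
One way to approach the "monitoring audio frequencies for unusual signals" countermeasure, as an added example that is not code from the researchers or from this article: split a microphone capture into frames and flag any probed frequency in the 0–22 kHz range that stands far above the frame's noise floor. The 48 kHz sample rate, the 1 kHz probe grid, the 20 dB threshold, the function names and the synthetic capture are all assumptions made for illustration.

```python
import math
import random
import statistics

RATE = 48000                              # assumed microphone sample rate (Hz)
PROBES = list(range(1000, 23000, 1000))   # assumed probe grid, 1-22 kHz

def goertzel_power(frame, freq, rate):
    """Signal power at one frequency (Goertzel algorithm, no FFT library)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def tonal_frames(samples, rate, probes, frame_len=1024, ratio=100.0):
    """Count, per probe frequency, the frames in which that frequency stands
    more than `ratio` times (20 dB) above the frame's median probe power."""
    hits = {}
    for start in range(0, len(samples) - frame_len + 1, frame_len):
        frame = samples[start:start + frame_len]
        powers = {f: goertzel_power(frame, f, rate) for f in probes}
        floor = statistics.median(powers.values())
        for f, p in powers.items():
            if p > ratio * floor:
                hits[f] = hits.get(f, 0) + 1
    return hits

def constructed_capture(tone_hz=None, frames=20, frame_len=1024, seed=7):
    """Constructed test input: low-level noise, plus an optional tone that is
    present only during the first half of the capture."""
    rng = random.Random(seed)
    total = frames * frame_len
    out = []
    for n in range(total):
        x = rng.uniform(-0.01, 0.01)
        if tone_hz and n < total // 2:
            x += 0.05 * math.sin(2.0 * math.pi * tone_hz * n / RATE)
        out.append(x)
    return out

if __name__ == "__main__":
    quiet = tonal_frames(constructed_capture(), RATE, PROBES)
    tone = tonal_frames(constructed_capture(18000), RATE, PROBES)
    print("noise only:", quiet)
    print("with tone :", tone)
```

A frequency that is flagged in some frames and absent in others is an intermittent narrowband source, which is worth comparing against a baseline recording of the same room before treating it as an alert.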