@inproceedings{06649bb3c8224291a1816385ee78f888,
title = "PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via 'Singing Pixels'",
abstract = "Air-gapped systems are disconnected from the Internet and other networks because they contain or process sensitive data. However, it is known that attackers can use computer speakers to leak data via sound to circumvent the air-gap defense. To cope with this threat, when highly sensitive data is involved, the prohibition of loudspeakers or audio hardware might be enforced. This measure is known as an 'audio gap'. In this paper, we present PIXHELL, a new type of covert channel attack allowing hackers to leak information via noise generated by the pixels on the screen. No audio hardware or loudspeakers is required. Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 - 22 kHz. The malicious code exploits the sound generated by coils and capacitors to control the frequencies emanating from the screen. Acoustic signals can encode and transmit sensitive information. We present the adversarial attack model, cover related work, and provide technical background. We discuss bitmap generation and correlated acoustic signals and provide implementation details on the modulation and de-modulation process. We evaluated the covert channel on various screens and tested it with different types of information. We also discuss evasion and stealth using low-brightness patterns that appear like black, turned-off screens. Finally, we propose a set of countermeasures. Our test shows that with a PIXHELL attack, textual and binary data can be exfiltrated from air-gapped, audio-gapped computers at a distance of 2m via sound modulated from LCD screens.",
keywords = "acoustic, air-gap, audio, covert channel, exfiltration, LCD, pixels, screen",
author = "Mordechai Guri",
note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 48th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2024 ; Conference date: 02-07-2024 Through 04-07-2024",
year = "2024",
month = jan,
day = "1",
doi = "https://doi.org/10.1109/COMPSAC61105.2024.00134",
language = "American English",
series = "Proceedings - 2024 IEEE 48th Annual Computers, Software, and Applications Conference, COMPSAC 2024",
pages = "976--987",
editor = "Hossain Shahriar and Hiroyuki Ohsaki and Moushumi Sharmin and Dave Towey and Majumder, {AKM Jahangir Alam} and Yoshiaki Hori and Ji-Jiang Yang and Michiharu Takemoto and Nazmus Sakib and Ryohei Banno and Ahamed, {Sheikh Iqbal}",
booktitle = "Proceedings - 2024 IEEE 48th Annual Computers, Software, and Applications Conference, COMPSAC 2024",
}