Malware Steals Data By Adjusting Screen Brightness PCMag Follow Feb 6 · 2 min read

Malware on an air-gapped computer can transmit data like Morse code by changing screen brightness in a way that’s invisible to the naked eye but easily recorded with a camera.

By Matthew Humphries

A security researcher has discovered a novel way to steal data from a PC that isn’t connected to a network (air-gapped) by manipulating the brightness settings of a computer monitor.

As The Hacker News reports, the new technique was discovered/created by academic researcher Dr. Mordechai Guri of the Cyber-Security Research Center located at the Ben-Gurion University of the Negev in Israel. It relies on the air-gapped computer having special malware installed capable of changing the brightness of a display. However, the changes are only very small adjustments to the RGB color components of each pixel and therefore not detectable with the naked eye.

Stealing data from the infected machine is achieved by encoding the information and transmitting it using the screen brightness changes in a sequential pattern, which is very similar to how Morse code works. The only other requirement for this to work is a camera pointed at the display which can either record or stream the pattern being transmitted. Once the pattern is received, it can be converted back into meaningful data.

For this hack to work in the real world would require someone with access to the air-gapped machine installing the malware. The camera used can be anything from a compromised surveillance camera present in the same room, a webcam, or just a smartphone camera left pointed towards the display (and a strong, reliable 4G signal).

Although this technique is unlikely to ever be used as long as easier methods exist, it’s important from a security standpoint to know it’s possible and therefore mitigating action can be taken to ensure it can never work effectively.