Devious new cyberattack leaks secrets from LCD screen noise on air-gapped computers

News
By published

There is a way to grab secrets through an LCD display without even looking at it

Samsung
(Image credit: Samsung)

If you thought the recent RAMBO side-channel attack was straight out of a James Bond movie, wait until you hear about PIXHELL.

Recently, cybersecurity researchers from Ben-Gurion University of the Negev, Israel, the same group which discovered RAMBO, are now reporting on PIXHELL, a side-channel attack that can exfiltrate sensitive data through the frequencies emitted by - the LCD display.

Apparently, one can force the display to emit a specific frequency in the range between 0-22 kHz. The signals sent that way can then be picked up by nearby devices, such as smartphones, decoded, and read. So, in theory, one could steal passwords and other sensitive data that way.

Attacking air-gapped systems

The attack is obviously a long shot, but with state-sponsored threat actors lurking about, it’s not that hard to imagine spies using it. Since the upload rate is super slow (20 bits per second (bps)), small files and pieces of text is all one can expect to grab. Furthermore, the attacker is required to stand relatively close to the vulnerable device (just a few meters) for the upload to succeed.

The researchers argue that this type of attack can be leveraged against air-gapped systems. Those are computers that are disconnected from networks and the wider internet, in order to prevent any unauthorized access. So, even if a user inadvertently introduces malware (for example, via a compromised USB device), the malware would still have no way to exfiltrate the data, since the computer is disconnected from the internet.

In those scenarios, cybercriminals and state-sponsored actors usually turn to side-channel attacks, in which different physical or behavioral characteristics allow for indirect information leakage. Things like power consumption, timing information, electromagnetic emissions, or even sound, can all be leveraged to extract certain important data.

By analyzing these characteristics, attackers can infer secret data, like encryption keys, without needing to break the encryption itself. Side-channel attacks are often passive, making them difficult to detect.

Via BleepingComputer

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Location Data
Cloudflare CDN flaw could expose user location simply by sending an image
An abstract image of a lock against a digital background, denoting cybersecurity.
Apple CPU security issue could let hackers steal user data from browsers
Optical system for data encryption
Is it quantum-resistant? Researchers create 'uncrackable' encryption system by pairing AI and holograms produced by laser
Concept art representing cybersecurity principles
How to combat exfiltration-based extortion attacks
Digital image of a lock.
Xerox printer security risk could let hackers sneak into your systems
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
Latest in VPN Privacy & Security
Swiss flag with view of Geneva city, Switzerland
Secure encryption and online anonymity are now at risk in Switzerland – here's what you need to know
Demonstrators protesting against the arrest of the Mayor of Istanbul Ekrem Imamoglu block Atatürk Boulevard on March 22, 2025 in Ankara, Türkiye.
Turkey's social media ban has been lifted, but VPN usage is still high
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
Digital hand set location on map with two pins. AI technology in GPs, innovation delivery, map location, future transport logistic, route path concept. GPs point. New office location, change address
What does your IP address reveal about you?
A stethoscope next to a laptop on a pink background
How to check if your VPN is working
Teenager playing on a gaming PC with two monitors
Is using a VPN while gaming cheating? 5 myths you shouldn't believe about gaming with a VPN
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Close up of Leica M11-P viewfinder
I wince at the prospect of the rumored Leica M11-V – here's why
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
More about vpn privacy security
Swiss flag with view of Geneva city, Switzerland

Secure encryption and online anonymity are now at risk in Switzerland – here's what you need to know
NordVPN CTO Marijus Briedis speaking at a panel during RightsCon 2025 in Taipei, Taiwan, on February 25.

Cyber threats are evolving everywhere – and "prevention alone is insufficient," says NordVPN CTO
Close up of Leica M11-P viewfinder

I wince at the prospect of the rumored Leica M11-V – here's why
See more latest
Most Popular
Close up of Leica M11-P viewfinder
I wince at the prospect of the rumored Leica M11-V – here's why
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
HP ZBook Ultra G1a
HP's ridiculously fast Ryzen AI Max+ Pro 395 laptop with 128GB RAM goes on sale everywhere in the US, but it won't be cheap
A mobile phone showing the Signal logo in front of a screen showing the app
Signalgate explained: what is Signal, and how secure is the messaging app?
Asus Ascent GX10 Rear
Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time