Mordechai Guri, Ofer Hasson, Gabi Kedma, Yuval Elovici
Conference: 2016 14th Annual Conference on Privacy, Security and Trust (PST)
In recent years, various out-of-band covert channels have been proposed that demonstrate the feasibility of leaking data out of computers without the need for network connectivity. The methods proposed have been based on different types of electromagnetic, acoustic, and thermal emissions. However, optical channels have largely been considered less covert: because they are visible to the human eye and hence can be detected, they have received less attention from researchers. In this paper, we introduce VisiSploit, a new type of optical covert channel which, unlike other optical methods, is also stealthy. Our method exploits the limitations of human visual perception in order to unobtrusively leak data through a standard computer LCD display. Our experiments show that very low contrast or fast flickering images, which are invisible to human subjects, can be recovered from photos taken by a camera. Consequently, we show that malicious code on a compromised computer can obtain sensitive data (e.g., images, encryption keys, passwords) and project it onto a computer LCD screen, invisible and unbeknownst to users, allowing an attacker to reconstruct the data using a photo taken by a nearby (possibly hidden) camera. Our research yields novel attack paradigms that exploit the subtle mechanisms of human visual perception.