A team of researchers have discovered an easy way for hackers to spy on computers screens remotely by using ultrasonic sounds picked up by webcam microphone. The sound is further analysed using machine learning to determine what is being shown on the computer’s screen.
The attack can allow savvy techies to spy on anyone’s browsing activities with ease.
Scientists from the University of Michigan, University of Pennsylvania and Tel Aviv University observed subtle acoustic noises coming from LCD screens – specifically faint, high-pitched sounds that are generated to power the display.
The technique was presented at the Crypto 2018 conference indicates that hackers can still extract monitor emanations from microphones or recordings 30 feet away from the computer.
this phenomenon called ‘Synesthesia,’ or a side-channel attack that can reveal what’s on a screen just by looking at ‘content-dependent acoustic leakage from LCD screens.’
‘The pertinent sounds are so faint and high-pitched that they are well-nigh inaudible to the human ear, and thus (unlike with mechanical peripherals) users have no reason to suspect that these emanations exist and that information about their screen content is being conveyed to anyone who receives the audio stream, or even a retroactive recording,’ according to the study.
‘In fact, users often make an effort to place their webcam (and thus, microphone) in close proximity to the screen, in order to maintain eye contact during videoconference, thereby offering high quality measurements to would-be attackers.’
For the study, researchers examined the acoustic leakage from a variety of LCD monitors, spanning different sizes and makers. The monitors were made between 2003 and 2017. They collected numerous of recordings of LCD display sound using an LG V20 phone in various positions and fed that information into a machine learning algorithm, which analyzed the data to predict what was on users’ screens.
The system was even capable of identifying which of the ten most popular websites was display on a monitor with 96.4 percent accuracy.
Eran Tromer, a cryptography and systems security researcher at Tel Aviv University and Columbia University, who participated in the research said
“I think there’s a lesson here about being attuned to the unexpected in our physical environment and understanding the physical mechanisms that are behind these gadgets that we use,”
The acoustic leaks are “a phenomena that in this case was not intended by the designers, but it’s there and therefore forms a security vulnerability.”
The whole thing that led to this research started in n way that people would not imagine even though it was something we do daily.
“One day I happened to be browsing a particularly boring legal agreement with many lines of proverbial small print,” Tromer says.
“It was too small, so I zoomed in, and then I realized that something in the ambient noise in the room changed. So I zoomed back out and the sound changed back. After awhile I realized that something about the periodicity of the image was affecting the periodicity of the sound.”
“Even if an attacker can’t train on a specific monitor model, there’s still a very good chance that the attack will work anyway,”
Other reports on the research state that a hacker might not necessarily use it;
For a hacker, using this type of acoustic screen attack would obviously be much more complicated and labor intensive than phishing or infecting a computer with malware. But the researchers say they were surprised by the accuracy they could achieve, and a motivated attacker could potentially refine their machine learning techniques much further. With so many screens unintentionally leaking these signals, the world is a playground for an attacker skilled and motivated enough to try.
Though I feel it would be easier for the government to use it as a tool for mass surveillance.
The report on the research can be found here