New side-channel attack could let cybercriminals use PC microphones to spy on victims

• Attackers could capture screen content just by picking up acoustic signals from a computer display, using regular microphones.
• The new side-channel attack could allow attackers to conduct spy operations, steal data and more.

Academic researchers have successfully managed to capture a targeted computer’s screen content just by picking up acoustic signals from a computer display, using regular microphones. This method could allow attackers to conduct a series of potential cyberattacks such as conducting surveillance operations, stealing information and more.

The research was conducted by Daniel Genkin from the University of Michigan, Mihir Pattani from the University of Pennsylvania, Roei Schuster from the Tel Aviv University and Cornell Tech, and Eran Tromer from the Tel Aviv University and Columbia University.

Modus operandi

The researchers studied audio emissions from dozens of LCD monitors (using both CCFL and LED backlighting) and found that there was a connection between the audio produced and image displayed on the computer screen. The audio emanating from a computer completely varied according to the power supply. These audio signals are barely audible to human ears but a common microphone can easily detect and record it.

By analyzing the audio recorded on the spectrogram, the researchers were able to identify the content displayed on the computer’s screen.

“Our attack works in two stages: In an off-line stage, the attacker collects training data (audio traces) to characterize the acoustic emanations of a given type of screen, and uses machine-learning to train a model that distinguishes the screen content of interest (e.g., websites, text, or keystrokes),” the researchers said in their research paper.

“In the on-line stage, the attacker records an audio trace of the actual screen under attack (whether in person or remotely), and then uses the trained model to deduce the on-screen content,” the researchers added.

However, the technique has some limitations and this can it difficult for attackers to successfully exploit it. The researchers noted that “different monitor models display different content-dependent sound patterns”.

In other words, hackers must have a precise knowledge of the user’s monitor model in order to pilfer data.

Outcomes

Images of 97 websites were used to determine the successful attempts of the experiment. Using recording devices to read the content of the screen, researchers obtained 97% accuracy. The researchers were also able to achieve several goals by exploiting the audio signal. This included distinguishing between websites displayed on the screen, differentiating between websites and a video conference screen, and extracting text entered via Ubuntu’s on-screen keyboard.