首页 > 新闻中心 > 行业动态
当前位置:首页 > 新闻中心 > 行业动态
发布时间:2021-10-09 04:48:01

Hackers in movies and TV dramas always bring their own magical operations: a little brother or a little sister with a weird personality knocks a few lines of code, the bank vault is opened, and the secret information of the other party is also available.


However, hackers in real life are different-their energy is even stronger!


From the computer with no internet, no Bluetooth, and no external USB flash drive in the picture below, they can successfully steal data from the computer just by relying on the change of screen brightness.


All of this starts with Dr. Mordechai Guri, a professor at the Negev Cyber ​​Security Research Center in Israel, who focuses on data transmission in the Air-Gap direction. The word Air-Gap, in layman's terms, means "getting things from the air."

所有这一切都始于以色列内盖夫网络安全研究中心的教授Mordechai Guri博士,他专注于沿气隙方向传输数据。用外行人的话说,“气隙”一词的意思是“从空中得到东西”。

What the hell? If people who study computers don't type the keyboard, why do they still specialize in spells? To


This is because his "spells" are not dealing with ordinary computers: the best way to prevent computers from being infected with viruses is to "physical isolation" without networking, Bluetooth, and data transmission. Many computers in factories, power stations, and confidential facilities are operated in this way in order to protect the safety of long-term operation.


In this case, conventional cyber attacks do not work. However, the goal of "fetching objects from space" is to obtain data from the attacked computer without physical contact. "Look at the brightness and get the data" is one of the methods of "getting things out of the air." In simple terms, subtle changes in the brightness of the computer screen can be used as codes to transmit information and steal relevant data.

在这种情况下,常规的网络攻击无效。但是,“从太空中获取对象”的目的是在没有物理接触的情况下从受攻击的计算机获取数据。 “看亮度并获取数据”是“让事物空洞化”的方法之一。简单来说,计算机屏幕亮度的细微变化可以用作传输信息和窃取相关数据的代码。

The reason why you can get data through brightness changes is because people and cameras have different recognition of the display: whether your display is LCD, LED or OLED, you need thousands of RGB pixels to display an image. . The human eye sees an image made up of pixels, but the camera does not have a human visual system and only sees the pixels.

之所以可以通过亮度变化获取数据,是因为人和相机对显示器的认识不同:无论显示器是LCD,LED还是OLED,都需要成千上万的RGB像素来显示图像。 。人眼只能看到由像素组成的图像,但是相机没有人眼视觉系统,只能看到像素。

Although the red, green and blue colors of these pixels are fixed, the display screen can achieve color changes by controlling the brightness of the pixels. If you plant malware on a computer connected to a display, you can control the brightness of a pixel.


Assuming that the pixel is not bright to represent "0" and bright to represent "1", the data stolen by the software can be turned into binary code. Although it is difficult for the naked eye to capture the brightness change of this pixel, hackers can process the image through the camera and finally read the data.

假设像素不亮代表“ 0”而亮不代表“ 1”,则可以将由软件窃取的数据转换为二进制代码。尽管肉眼很难捕捉到该像素的亮度变化,但黑客可以通过相机处理图像并最终读取数据。

It's like one person in a military training team of 10,000 people who took the abduction. Because the team stood too close, it was really impossible to find who was the one. But if you want to take out the binoculars to look carefully, or even use the camera to give a close-up, you can still catch the "shunki boy".


However, Shun Kuai in the military training team is just a joke, but this "small bright spot" is much more terrifying: through the transmission of binary codes, the surveillance camera can obtain some key commands. This is a serious security threat to some important facilities that operate offline.


Imagine that if someone finds out the relevant code for "emergency shutdown" at a power station and uses it, it might be a power outage in the city, causing serious chaos.


Is it possible that the disconnection doesn't work? I can only use the computer with a black screen in the future? This is too ridiculous!


Don't worry, there is still good news here. Researchers believe that if the surveillance lens is upgraded, the abnormal brightness of the small RGB bright spots on the LCD screen can be captured, so that security personnel can know the related abnormality of the computer in advance.


Of course, the better anti-hacking method is still a physical method: don't you want to use a camera? I do not install a camera. Looking for data, there is no door. As long as the source of information output is cut off, there is naturally no concern about leaks.


But the good news is often the bad news: the camera stealing data is just in its infancy, and the technology code-named "MOSQUITO" (MOSQUITO) can already use computer speakers to transmit ultrasound to further transmit data. This "mosquito", as its name suggests, is really a big pest.

但是好消息往往是坏消息:相机窃取数据的行为还处于起步阶段,代号为“ MOSQUITO”(MOSQUITO)的技术已经可以使用计算机扬声器来传输超声波以进一步传输数据。顾名思义,这种“蚊子”确实是一种巨大的害虫。

So it sounds, if I smash the headphones and speakers, wouldn’t it be foolproof?


Haha, you should know that another technology called AirHopper can also convert the noise of the computer's fan into code, and continue to leak.


Are you planning to remove the fan again? Don't worry, the sound waves generated by your mechanical hard drive can also be deciphered.


Even if you switch to a solid state drive, the magnetic field generated by your CPU will be detected by a nearby computer or mobile phone for further theft.


Even if you continue to toss the hardware, the computer always needs to be plugged in. If you are using a large power grid line, then congratulations, PowerHammer this technology happens to be able to read information through the current changes in the power grid line.


As an expert in the field of cyber security, Dr. Mordechai Guri has contributed a series of papers on "Retrieving from Space". Every few months, he can develop a new method of stealing data, and even the way of using the camera, now has a night vision version.

作为网络安全领域的专家,Mordechai Guri博士撰写了一系列有关“从太空检索”的论文。每隔几个月,他就可以开发一种新的窃取数据的方法,甚至可以使用相机,现在有了夜视版本。

Even the time for other people to sleep is not let go, not only ordinary people, but even security personnel will feel big.


"It's not over yet!"


Some people may have this question: Dr. Guri has written so many papers, isn't he encouraging people to do bad things?


Of course not. Although Dr. Guri exposed a series of methods to "steal data," the magic is one foot high, and the road is high. The fundamental purpose of discovering vulnerabilities is to minimize the risks caused by vulnerabilities.


You must know that the final realization of all "fetching objects from space" ultimately requires offline operations in advance, through USB and hardware wiring, artificially implanting malicious software or creating loopholes, otherwise, these magical operations will not be achieved.


In some hacker-themed games, players sometimes have to perform some seemingly boring "turn on the device" link, but in fact they are performing similar operations to pave the way for various skills.


Therefore, the ultimate method of defending against these airborne operations is to conduct strict computer operation management. If the security of the facilities is in place, no strangers enter, and the person operating the computer does not carry foreign hardware, it is not easy to realize these operations.


However, I don't know how far the security offensive and defensive warfare will escalate in the future. The only certainty is that this battle will continue to be fought.


(The picture material in the text comes from the Internet and is only for learning and communication)


上一条:yobo体育app-我狐欧联杯小组赛六轮对阵详细时间出炉提前说一句,... 下一条:【yobo体育app】现役法国国脚中,52%法国公众最爱姆巴佩,其次是格子

  360  |  百度  |  搜狗  |  神马