New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
Key Points:
- Researchers at Shandong University developed TrojPix, a technique that covertly transmits data from air-gapped computers by subtly modulating on-screen pixels to emit faint radio signals via video cables, which nearby receivers can decode.
- TrojPix requires malware already present on the target machine and achieves a peak data rate of 8.1 Mbps, enabling the transfer of large files in under two minutes, significantly faster than previous air-gap covert channels.
- The method works without administrator rights or hardware changes and can hide transmissions by simulating a powered-off display or embedding signals in normal screen content, tested successfully across multiple monitor brands and cable types.
- While TrojPix demonstrates a high-speed data exfiltration possibility, real-world effectiveness is limited by physical barriers like walls and shielding, and it remains a laboratory proof-of-concept rather than a documented attack in the wild.
- Countermeasures include using fiber-optic cables, shielding sensitive environments, and preventing malware infection, as the emission itself cannot be patched away and the technique depends entirely on prior system compromise.