Researchers at Shandong University have unveiled a new attack technique, dubbed TrojPix, that can extract data from air-gapped computers—systems physically disconnected from any network—by exploiting electromagnetic radiation from video cables. The method manipulates on-screen pixels in ways invisible to the human eye, causing the video cable to emit faint radio signals that a nearby receiver can decode.
This technique targets the most sensitive environments, such as military facilities, nuclear power plants, or financial systems, where air-gapping is considered a gold standard for security. The researchers demonstrated that TrojPix can achieve exfiltration rates that are significantly faster than previous methods, though exact speed figures were not disclosed in the source.
Critically, TrojPix does not bypass initial defenses. An attacker must first plant malware on the target machine through other means, such as a USB drop, supply chain compromise, or insider threat. Once the malware is active, it modulates pixel brightness or color patterns that are undetectable to the user but generate measurable electromagnetic leakage in the video cable's radio frequency emissions.
No CVE identifier was assigned in the public disclosure, and the researchers have not yet released mitigation guidance. However, potential countermeasures include using shielded video cables, ferrite chokes, or optical-based interfaces that do not produce the same leakage profile. Organizations with high-security air-gapped systems should review physical access controls and monitor for unusual screen activity.
The attack underscores the evolving threat landscape for air-gapped environments, which were long considered invulnerable to remote data theft. While the technique requires preexisting malware, its speed and subtlety raise the bar for defensive measures in classified and critical infrastructure settings.