4KDump: Exfiltrating files via hexdump and video capture

Abstract

This paper presents an exfiltration attack that targets systems with tight security measures; no connectivity and no ability to mount external devices. Our approach utilizes a mobile camera or a screen recorder to capture video while hexdump’ing a file using pre-installed utilities found in most operating systems. The captured video is analyzed at the attacker side using optical character recognition engines and the recognized letters are used to reconstruct the files. Our approach provides a 100% reconstruction rate given that console fonts can be perfectly recognized by OCR engines. We measure the exfiltration speed of our attack and show that we achieve up to 410 KBps when capturing video via mobile phones. We propose a set of defenses that can negate the attack while maintaining usability of the console.