Through Glass Transfer (TGXf)


  The TGXf application demonstrates that:
  • Any file that a user can read (use) can be downloaded (disclosure) via the screen, and;
  • There are currently no technical controls to mitigate the proof-of-concept implementation.

  Although technical vulnerability is constantly evolving (the proof-of-concept is defeatable), there is no foreseeable mitigation to the class of vulnerability described (storage based covert channels) and the general approach taken. This has the most impact when considering domestic enterprises that provide off-shore (overseas) partners with access to domestic data and processing infrastructure on-shore.

In technical terms, TGXf encodes binary data into packets that can be displayed on the screen of one computer and then captured (via camera) on another, where they are decoded and the data is stored on disk. By doing this, TGXf turns any display surface into a binary data transfer interface and bypasses enterprise security strategies (including defence-in-depth strategies).

  You can see a TGXf transfer in action here;

    Android smart-phone in flight mode, downloading a PDF from Youtube via a Laptop screen

  Taking the same approach, I have written the Through Keyboard Transfer (TKXf) protocol and application.

  The TKXf application demonstrates that:
  • Any user with write access to an environment can upload arbitrary scripts/executables/data.
  • There are currently no technical controls to mitigate the proof-of-concept implementation.

  You can see a TKXf-like transfer in action here (this example does not use a full TKXf implementation);

    TKXf Demo - Keyboard upload of payload via Windows to Linux

When you combine both TGXf and TKXf you get a full Through Console Transfer (TCXf) capability that enables full duplex (async) streaming binary data through the screen and keyboard, that is even able to facilitate networking through that screen and keyboard.

A TCXf demonstration can be seen here, facilitating SSH over PPP over Screen and Keyboard, via SSH from a Windows Thin Client to a Linux Server.

    TCXf Demo - IP networking over Screen and Keyboard!

This issue is not limited to the technical domain.  In June this year I wrote to the Office of the Australian Information Commissioner to advise of the legal implications of TGXf's transformation of "use" to "disclosure"
against the revised Australian Privacy Principles (as published February 2014).  And this is obviously not limited to the Australian regulatory frameworks or technologies in use in Australia, I believe that it will also directly affect those working with HIPAA, for example.

In that regard, I have published an information site online to draw the attention of the information security industry to the problem ( I have also presented directly to the industry on the topic, at the COSAC/SABSA conference two days ago in Dublin.  That presentation can be downloaded from the information site;

    Piano Thieving for Experts: That Bathroom Window IS Big Enough

  A participant of that presentation published an article on it yesterday;

    Data Leak Prevention Has A New Challenge:
    Introducing Through Glass Transfer

For your convenience, I have produced a 200 page white paper that covers the above and much more (including a test plan, the impact on Enterprise Security Architectures, a potential controls frame-work, and the gaps in NIST's Special Publications - for those relying on that framework);

    ThruConsoleXfer (TCXf) White Paper

​Source: ​

November 7, 2014
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Oldest Most Voted
Inline Feedbacks
View all comments
8 years ago

How well would SSTV work with this?.

8 years ago


© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023