CyberEye: Obtaining Data from Virtual Desktop by Video

TL;DR

CyberEye demonstrates a novel method to extract data from Virtual Desktop Infrastructure by encoding data into video and recording it, bypassing data transmission restrictions.

Contribution

This paper introduces CyberEye, a new technique to recover data from VDI by video recording, even when data transmission is forbidden.

Findings

Effective data extraction demonstrated on Citrix Workspace

High reliability of data recovery from virtual desktops

Open-source implementation available for research

Abstract

VDI is no longer safe and reliable anymore. VDI(Virtual Desktop Infrastructure, also called Cloud Desktop) is being widely used as working interface to avoid data exfiltration. With VDI client, end users can access internal data without obtaining data actually. In this paper, we present a new approach named CyberEye, to extract data from VDI by video even data transmission has been forbidden. By encoding data file to video, playing it in VDI meanwhile recording it in host PC, we can get full information of the data with video format, then decode it to recover the original data file. The proof-of-concept on Citrix Workspace and several other remote virtual desktops has strongly been proved the availability and reliability of the CyberEye. We introduce the usage in operation model to show how it's been designed and implemented in technical work section. And also, we have opened the source code to researchers for reproducing the work.