Mind the Air Gap: Hackers Can Infiltrate Your Computer Via LEDs

Israeli researchers have found a way to hack into computers by aiming drones at the blinking LEDs found on most desktop computers, the first means ever identified of defeating "air gap" defenses - although the highly specialized solution can be defeated by highly unspecialized precautions.

The newfangled espionage technique was showcased at Ben-Gurion University in Beersheba, Israel. A quadcopter drone flew up to an office building, and filmed the flashing light of a computer inside. After just a few minutes, the drone had exfiltrated a vast swathe of sensitive information by recording the LED indicator's flashing patterns.

Few of even the most tech-savvy may have been aware, but those pinpoint flickers are not mere flashing lights — they are in fact an optical stream of a computer's contents, transmitting data like Morse code.

The data-stealing technique, shown in action from the drone's point-of-view in the video below, is the first publicly identified method that can defeat the security protection known as an "air gap," which separates computer systems from the internet in order to quarantine them from hackers.

While it's possible to install malware on an offline computer manually, for example by uploading the virus onto the computer via a USB stick or SD memory card, extracting that information has hitherto proved an elusive objective.

This approach has now offered a means of rapidly mining a machine's secrets when it's offline. Every LED can leak sensitive information to an observer with a line of sight to the target computer — this would be most easily achieved by a human on a nearby roof armed with a telescopic lens, and most easily overall via a camera-equipped drone.

The method is extraordinarily covert, as these lights are constantly blinking while a computer is on, and no one would find the light flashing incongruous as a result. Moreover, the researchers found LEDs can produce up to 6,000 blinks per second — meaning not only that data may be transmitted extremely quickly, but also that the flashes are too fast for the naked eye of even the most meticulous observer to detect.

"Air gaps" had previously been regarded as effectively impregnable — by definition, hackers can't compromise a computer not connected to the internet or other internet-connected machines — but certain types of malware have demonstrated an "air gap" can't exclude a truly motivated hacker from an ultra-secret system, as all computer systems need code updates and new data. Once these are uploaded or downloaded onto a machine, hackers can quite easily gain access. Methods for seizing information after an initial breach had hitherto been unforthcoming, though.

But exploiting the computer's hard drive indicator LED has the potential to be a stealthier, higher-bandwidth, and longer-distance form of air-gap-hopping communications. By transmitting data from a computer's hard drive LED with a kind of Morse-code-like pattern of on and off signals, the researchers found they could move data as fast as 4,000 bits a second, or close to a megabyte every half hour.

That may not sound like much, but it's fast enough to steal an encryption key in seconds. And the recipient could record those optical messages to decode them later; the malware could even replay its blinks on a loop, Guri says, to ensure that no part of the transmission goes unseen.

For those worrying about how to defend themselves against such an innovative, cunning infiltration technique, the good news is that it can very easily be countered via humble, unsophisticated means — simply place a portion of tape over the computer's LED.

In the wake of Edward Snowden's revelations about the extent of GCHQ and NSA spying, many conscientious computer users began to obscure their webcams, to prevent monitoring. The next big security-savvy thing could well be covering up one's LED.
