A drone made to steal data hovered above a parking lot at Ben-Gurion University in Beersheba, Israel. The built-in camera was trained to record the blinking light present on most Windows machines, quietly and without arousing suspicion.
The quadcopter, in this case, was part of an experiment by researchers at Ben-Gurion’s cybersecurity lab to demonstrate a possible spy technique. The group has constructed a way to defeat the air gap, a security protection that keeps sensitive computer systems separated from the internet and from hackers.
Should an attacker manage to plant malware on a computer through an infected USB or SD card, reading the blinking light could reveal sensitive information. Each blink of the LED gives such information to anyone looking at it, whether through proximity, drone, or rooftop telescope lens.
Mordechai Guri, who has extensively researched ways to steal data from isolated computer systems, tells Wired, “If an attacker has a foothold in your air-gapped system, the malware still can send the data out to the attacker. We found that the small hard drive indicator LED can be controlled at up to 6,000 blinks per second. We can transmit data in a very fast way at a very long distance.”
Previously, the air gap was seen as a perfect defense: without the internet or a connection to other machines, how could a computer reveal anything of much value? But malware has changed the landscape, infecting the American military system and showing that the air gap fails to keep isolated systems totally safe. Once infected, these computers give away information via electromagnetic emanations, acoustic and heat signaling techniques, and that little blinking light.
It might not be accurate to call this discovery revolutionary since it so strongly benefits hackers, but it is certainly a sneakier, more efficient, more effective form of air-gap-hopping. The Morse-code-like patterns allow researchers to move data at 4,000 bits per second, which is almost a megabyte every 30 minutes — that’s an encryption key gone in seconds. Messages can be recorded for later use or the malware could instruct the computer to play the blinks on a loop.
Unlike similar techniques, this one draws significantly less attention, because the blinks occur regularly (anytime a program accesses the hard drive) anyway. They’re also easier to interpret because they require only that a hacker can see them, which can easily be done from a distance.
When their program read less than four kilobytes from the computer’s storage, the researchers found that they could cause the hard drive’s LED indicator to blink for less than a fifth of a millisecond. Using those quick blinks, they sent messages from the infected computer to different cameras and light sensors, using on-off keying, a binary system of data encoding.
The researchers discovered that a smartphone can receive approximately 60 bits per second and a GoPro around 120 bits per second. A Siemens photodiode sensor worked significantly better, hitting their 4,000 bits per second transfer rate.
Some of the blinks were undetectable to the human eye but still registered on the light sensor, allowing hackers to potentially access information without anyone even seeing it.
The team of researchers isn’t particularly worried about their discovery because they say it isn’t difficult to protect computers from such a hack. If your machine is sensitive enough to be air-gapped, keep it away from a window or place a film over the window to mask a light flash. They also suggest protective software to randomly access the hard drive to create noise in the lighting that would mask any potential messages sent by the LED.
Of course, the simple solution is to cover the LED light in the same way early paranoids disguised their laptop’s camera — with a sticky note or piece of tape.
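The on-off keying channel and the random-disk-access countermeasure described above can be modelled as a small simulation. This is an added example, not the researchers' code: it assumes one LED slot per bit and models the noise as a per-slot probability `activity`, and all function names are illustrative.

```python
import random

def ook_encode(data: bytes) -> list[int]:
    """On-off keying: one LED slot per bit, 1 = LED on, 0 = LED off (MSB first)."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def ook_decode(slots: list[int]) -> bytes:
    """Observer side: pack the on/off slots that were seen back into bytes."""
    out = bytearray()
    for i in range(0, len(slots) - 7, 8):
        value = 0
        for bit in slots[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)

def add_disk_noise(slots: list[int], activity: float, rng: random.Random) -> list[int]:
    """Countermeasure model (assumption): random disk reads light the LED in a
    fraction `activity` of slots. The LED is shared, so the observer sees
    signal OR noise and cannot tell a noise blink from a data blink."""
    return [s | (1 if rng.random() < activity else 0) for s in slots]

def bit_error_rate(sent: list[int], seen: list[int]) -> float:
    """Fraction of slots where the observed LED state differs from the sent bit."""
    return sum(a != b for a, b in zip(sent, seen)) / len(sent)

def simulate(activity: float, seed: int = 1) -> tuple[float, bool]:
    """Return (bit error rate, whether the payload survived intact)."""
    rng = random.Random(seed)
    secret = bytes(rng.randrange(256) for _ in range(512))  # constructed sample data
    sent = ook_encode(secret)
    seen = add_disk_noise(sent, activity, rng)
    return bit_error_rate(sent, seen), ook_decode(seen) == secret

if __name__ == "__main__":
    for activity in (0.0, 0.1, 0.5):
        ber, intact = simulate(activity)
        print(f"noise activity {activity:.1f}: BER={ber:.3f} payload_intact={intact}")
```

With no noise the payload decodes exactly; as random disk activity rises, "off" slots are increasingly read as "on" and the received bytes no longer match what was sent.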
Source: Wired