This post is also available in: עברית (Hebrew)
Computers or networks in critical infrastructures are often physically isolated to prevent external access. “Air-gapping” means that these systems have neither wired nor wireless connections to the outside world. Previous attempts to bypass such protection via electromagnetic, acoustic, or optical channels merely work at short distances or low data rates. Moreover, they frequently allow for data exfiltration only, that is, receiving data. Now it appears that air-gapped computer systems can still be attacked. Hackers attack computers with lasers.
Researchers demonstrated that data can be transmitted to light-emitting diodes (LEDs) of regular office devices using a directed laser. With this, attackers can secretly communicate with air-gapped computer systems over distances of several meters. In addition to conventional information and communication technology security, critical IT systems need to be protected optically as well. IT security experts of the Karlsruhe Institute of Technology (KIT) in Germany conducted the LaserShark project that focuses on hidden communication via optical channels.
With a directed laser beam, an adversary can introduce data into air-gapped systems and retrieve data without additional hardware on-side at the attacked device. “This hidden optical communication uses light-emitting diodes already built into office devices, for instance, to display status messages on printers or telephones,” explains Professor Christian Wressnegger, Head of the Intelligent System Security Group of KASTEL – KIT. Light-emitting diodes can receive light, although they are not designed to do so.
According to homelandsecuritynewswire.com, by directing laser light to already installed LEDs and recording their response, the researchers established a hidden communication channel over a distance of up to 25 m that can be used bi-directionally. It reaches data rates of 18.2 kilobits per second inwards and 100 kilobits per second outwards.
This optical attack is possible in commercially available office devices used at companies, universities, and authorities. “The LaserShark project demonstrates how important it is to additionally protect critical IT systems optically next to conventional information and communication technology security measures,” concluded Wressnegger.
Prepared to dive into the world of futuristic technology? Attend INNOTECH 2022, the international convention and exhibition for cyber, HLS and innovation at Expo, Tel Aviv, on November 2nd – 3rd
Interested in sponsoring / a display booth at the 2022 INNOTECH exhibition? Click here for details!