If you’ve got an air-gapped computer, it might be time to cover up the hard drive’s leaky flashing LED lights.
Air-gapped computers aren’t physically connected to any network and so should be protected from remote hackers. However, Stuxnet showed air-gaps can be breached. Besides that, an insider could always insert a USB drive into an air-gapped computer.
If an attacker did manage to infect an air-gapped computer, they could steal data semi-remotely at their leisure by using a camera to capture signals from the LED lights of its hard-disk drive (HDD). The LEDs flicker when the drive is undergoing read and write operations, but can be made to transmit data visually.
The malware that the researchers devised can force an HDD LED to blink 6,000 times per second. If those lights are visible from a window, a camera-equipped drone or telescopic lens can capture the signals at a distance.
The researchers explain in a new paper that data can be leaked from HDD LEDs at a rate of 4kbps. That speed is incredibly slow by today’s USB standards, but it’s more than enough to steal encryption keys or text and binary files. It’s an impressive 10 times faster than previous optical covert channels for leaking data from air-gapped computers.
“We found that the small hard-drive indicator LED can be controlled at up to 6,000 blinks per second. We can transmit data in a very fast way at a very long distance.”
The beauty of the attack is that HDD LED lights blink anyway, making it easy to conceal that the infected machine is actually transmitting data.
Guri’s other malware-based attacks on air-gapped computers have shown that data can be leaked from a computer’s speakers and fans, FM waves, and heat.
The encoding scheme they used to transfer data from the HDD LEDs is called on-off keying, which is just one method of visible light communication.
The researchers tested a number of camera devices to steal data from LEDs, and point out that if an organization hoped to prevent such an attack by pointing a video surveillance camera at the air-gapped computer, the camera itself could be compromised.
Their tests looked at an entry-level Nikon DSLR, a high-end security camera, a GoPro Hero5, a Microsoft LifeCam, a Samsung Galaxy S6, Google’s Glass, and a Siemens photodiode sensor.
The Siemens sensor had by far the highest bit rate of nearly 4kbps, while the Galaxy S6 and GoPro Hero5 had bandwidths of 60 bits per second and 120 bits per second, respectively.
While they did not comprehensively test the distance at which LED light can be reliably captured to analyze signals, they noted that they have been able to identify LED signals from 20 meters away outside the building.
Alternatively, organizations could install signal jammers, or software, or a camera to monitor LED activity.
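As an illustration of what software that monitors LED activity could check for, the following added example (not code from the researchers or their paper) flags a sampled on/off trace whose run lengths fall on whole multiples of one bit period, which is the signature of on-off keying. It assumes the monitor already has the LED state as 0/1 samples taken at a fixed rate; the function names, tolerance and threshold are hypothetical, and both traces are constructed sample data.

```python
import random
from collections import Counter
from itertools import groupby

def run_lengths(samples):
    """Collapse a 0/1 LED trace into the lengths of consecutive on/off runs."""
    return [sum(1 for _ in g) for _, g in groupby(samples)]

def ook_score(samples, tol=0.15, min_runs=32):
    """Fraction of runs that last a whole multiple of the most common run length.

    On-off keying holds the LED on or off for whole bit periods, so run
    lengths cluster at k * T. Ordinary disk activity is bursty and irregular.
    This is a heuristic, not a proof that data is being transmitted.
    """
    runs = run_lengths(samples)[1:-1]      # edge runs are cut off by the capture window
    if len(runs) < min_runs:
        return 0.0                          # not enough evidence to judge
    unit = Counter(runs).most_common(1)[0][0]   # candidate bit period, in samples
    if unit < 4:
        return 0.0                          # sampled too coarsely to tell multiples apart
    hits = 0
    for r in runs:
        k = round(r / unit)
        if k >= 1 and abs(r / unit - k) <= tol:
            hits += 1
    return hits / len(runs)

def looks_like_ook(samples, threshold=0.8):
    """True when the trace is regular enough to warrant investigation."""
    return ook_score(samples) >= threshold

def constructed_ook_trace(n_bits=512, samples_per_bit=8, seed=1):
    """Constructed sample: random bits, each held for a fixed number of samples."""
    rng = random.Random(seed)
    return [b for _ in range(n_bits) for b in [rng.getrandbits(1)] * samples_per_bit]

def constructed_disk_trace(n_runs=400, seed=2):
    """Constructed sample: irregular on/off bursts standing in for normal disk use."""
    rng = random.Random(seed)
    out, state = [], 1
    for _ in range(n_runs):
        out += [state] * rng.randint(3, 200)
        state ^= 1
    return out
```

Traces flagged this way still need a human look, since some legitimate workloads can also produce regular disk activity.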