Stealing data from PCs using the HDD activity LED light

Posted on Friday, February 24 2017 @ 16:21 CET by Thomas De Maesschalck
Over the last couple of years, cybersecurity researchers from Israel's Ben-Gurion University have shown off several unique ways to steal data from air-gapped computers. First they invented a method to capture data from a PC using FM radio waves generated by the computer's screen, then they came up with a way to transmit data via fans, showed how to wirelessly transmit data via a USB bus and demonstrated how to record audio via headphones.

Now the university has come up with a method to transmit data via HDD activity LEDs. Once a computer is infected, it's possible to control the HDD LED to transmit data in a Morse code-like fashion. This rapid flickering can then be picked up by a remote camera or light sensor:
Researchers at BGU's Cyber Security Research Center have demonstrated that data can be stolen from an isolated "air-gapped" computer's hard drive reading the pulses of light on the LED drive using various types of cameras and light sensors.

In the new paper, the researchers demonstrated how data can be received by a Quadcopter drone flight, even outside a window with line-of-sight of the transmitting computer.

Air-gapped computers are isolated -- separated both logically and physically from public networks -- ostensibly so that they cannot be hacked over the Internet or within company networks. These computers typically contain an organization's most sensitive and confidential information.

Led by Dr. Mordechai Guri, Head of R&D at the Cyber Security Research Center, the research team utilized the hard-drive (HDD) activity LED lights that are found on most desktop PCs and laptops. The researchers found that once malware is on a computer, it can indirectly control the HDD LED, turning it on and off rapidly (thousands of flickers per second) -- a rate that exceeds the human visual perception capabilities. As a result, highly sensitive information can be encoded and leaked over the fast LED signals, which are received and recorded by remote cameras or light sensors.

"Our method compared to other LED exfiltration is unique, because it is also covert," Dr. Guri says. "The hard drive LED flickers frequently, and therefore the user won't be suspicious about changes in its activity."
In the video clip below, they demonstrate the concept using a drone that establishes a line-of-sight with an infected computer. The practical applications are probably low but it's certainly a neat concept.
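
One way a defender could screen a light-sensor recording of a drive LED for the fixed-rate on/off flicker described above, as an added example that is not code from the BGU paper or this article. The function names, thresholds and both sample traces are constructed assumptions, and the sensor is assumed to sample several times per symbol.

```python
from itertools import groupby
from statistics import median

def run_lengths(samples, threshold=0.5):
    """Binarize brightness samples and return the length of each on/off run."""
    states = (s >= threshold for s in samples)
    return [sum(1 for _ in grp) for _, grp in groupby(states)]

def clock_fit(samples, threshold=0.5, tolerance=0.15, min_unit=4, min_runs=16):
    """Fraction of runs whose length is a near-integer multiple of the shortest
    run length. Returns 0.0 if the trace is too short or too coarsely sampled."""
    runs = run_lengths(samples, threshold)[1:-1]   # edge runs are truncated
    if len(runs) < min_runs:
        return 0.0
    shortest = min(runs)
    unit = median(r for r in runs if r < 1.5 * shortest)  # estimated symbol length
    if unit < min_unit:        # too few samples per symbol to judge timing
        return 0.0
    fits = sum(1 for r in runs if abs(r / unit - round(r / unit)) <= tolerance)
    return fits / len(runs)

def looks_keyed(samples, min_fit=0.9):
    """True when on/off timing follows a fixed symbol clock (assumed cutoff)."""
    return clock_fit(samples) >= min_fit

def trace_from_runs(runs, first_on=True):
    """Expand a list of run lengths into a 0.0/1.0 brightness trace."""
    out, on = [], first_on
    for n in runs:
        out.extend([1.0 if on else 0.0] * n)
        on = not on
    return out

# Constructed sample data: an 8-sample symbol clock with +/-1 sample jitter,
# and irregular bursts standing in for ordinary disk activity.
KEYED_RUNS = [8, 16, 9, 8, 24, 7, 16, 8, 8, 17, 8, 15, 8, 32, 8, 9, 16, 8, 23, 8]
ORDINARY_RUNS = [5, 37, 11, 90, 6, 14, 29, 7, 53, 18, 9,
                 41, 13, 66, 5, 22, 34, 8, 47, 10, 19, 5]

if __name__ == "__main__":
    for name, runs in (("keyed", KEYED_RUNS), ("ordinary", ORDINARY_RUNS)):
        trace = trace_from_runs(runs)
        print(name, round(clock_fit(trace), 2), looks_keyed(trace))
```

A high fit only says the flicker is clocked; it is a trigger for investigating the host, not proof of exfiltration.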


