Even Air-Gapped Computers Are Vulnerable To Attack

The Coronavirus pandemic period has seen a significant increase in cyber attacks, largely due to the growth in connectivity for many devices in remote and hybrid work settings. A common approach to try and frustrate these attacks is the most simple one of all - disconnect devices from the internet.  This approach known as “air gapping” is really easy.

If a device isn’t connected to the web, it can’t be attacked by hackers. This method is supported by the CIA, among many others, who recommend it as part of an organisation’s ransomware defenses. Now, it turns out not to be so simple. In fact, computer systems that are air-gapped and physically isolated from the outside world can still be attacked using lasers.

This has been demonstrated by IT security experts at Braunschweig University and the Karlsruhe Institute of Technology (KIT) who found that data can be transmitted to light-emitting diodes of regular office devices using a directed laser. Previous attempts to bypass air-gapping via electromagnetic, acoustic, or optical channels only work over short distances or at low data rates and this allows for data exfiltration only.

The Braunschweig researchers were able to  demonstrate that attackers can secretly communicate with air-gapped computer systems over distances of several meters. 

The Intelligent System Security Group at KIT, in cooperation with researchers from TU Braunschweig used a directed laser beam to simulate how a malicious adversary can introduce data into air-gapped systems and retrieve data without additional hardware on-side at the attacked device. "This hidden optical communication uses light-emitting diodes already build into office devices, for instance, to display status messages on printers or telephones," explains KIT's  Professor Christian Wressnegger

Light-emitting diodes (LEDs) can receive light, although they are not designed to do so. With a directed laser beam, an adversary can introduce data into air-gapped systems and retrieve data without additional hardware on-side at the attacked device. By directing laser light to already installed LEDs and recording their response, the researchers established a hidden communication channel over a distance of up to 25 meters that can be used bi-directionally. It reaches data rates of 18.2 kilobits per second inwards and 100 kilobits per second outwards.

Alarmingly, it appears that this optical attack technique  is possible in a normal office environment with the standard network and computer devices of the sort used at companies, universities and any other organisation.  

In addition to conventional information and communication technology security, it looks like critical IT systems need to be protected optically as well.

University of Braunschweig:    KIT:    Science Daily:       I-HLS:   CACM:    Reddit:      CPS-VO:     Cybernews

You Might Also Read: 

How To Secure Web Gateway & Web Filtering:
 

 

« Artificial Intelligence Distorts Government Decision-Making
Quantum Computing Raises As Many Problems As It Solves »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

D-RisQ

D-RisQ

D-RisQ is focussed on delivering techniques to reduce the development costs of complex systems and software whilst maximising compliance

Anomali

Anomali

Anomali delivers intelligence-driven cybersecurity solutions to enhance threat visibility, automate threat processing and detection, and accelerate threat investigation, response, and remediation.

Visa

Visa

Visa is a global payments technology company that connects consumers, businesses and banks in more than 200 countries and territories worldwide.

Kenexis

Kenexis

Kenexis is a consulting engineering firm providing services for process hazards analysis, fire and gas mapping, and industrial cybersecurity.

FinlayJames

FinlayJames

FinlayJames supports cyber security companies to meet the increasing demand and pressure on them by finding top talent within the industry for their sales, marketing and technical teams.

Quadible

Quadible

Quadible BehavAuth is an AI-platform that continuously authenticates the users, without the need of any input, by learning their behavioural patterns.

First Point Group (FPG)

First Point Group (FPG)

First Point Group provide a global technological recruitment service worldwide. Within that we have a specialist team of Cyber Security recruiters.

Network Center Inc (NCI)

Network Center Inc (NCI)

NCI is one of the largest IT solution providers in the Midwest. We specialize in industry specific technology solutions, service, support, and expertise for small to enterprise businesses.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

Yoti

Yoti

Yoti offer a suite of business solutions that span identity verification, age estimation, e-signing and AI anti-spoofing technologies.

Cider Security

Cider Security

Cider Security - It’s time to revolutionize the way Security, Dev and DevOps teams work together to supercharge security at the speed of engineering.

Island

Island

Island puts the enterprise in complete control of the browser, delivering a level of governance, visibility, and productivity that simply weren’t possible before.

White Tuque

White Tuque

A new way to protect your organization. White Tuque is your partner in identifying threats, understanding your risk, and ensuring your business remains resilient.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

Transatlantic Cyber Security Business Network

Transatlantic Cyber Security Business Network

The Transatlantic Cyber Security Business Network is a coalition of UK and US cyber security companies which facilitates collaboration to help address critical cyber security challenges.

Certera

Certera

Certera is a modern and affordable SSL Certificate, Code Signing Certificate, and Cyber Security Services provider.