Scanner exploited in remote laser hacking attack
- Author: Ella Cai
- Release on: 2017-03-30
The humble flat-bed scanner can be used as a portal into a hacked computer, according to researchers from the Ben-Gurion University of the Negev.
Several messages were transmitted to trigger malware in computers using the technique, including from a laser 900m away and from a drone outside the building.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” said scientist Ben Nassi of Ben-Gurion University. “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
In another demonstration, the researchers used a Galaxy 4 phone to hijack a smart lightbulb in the same room as the scanner via radio signals. They then manipulated the bulb to send light signals to the scanner to trigger the malware.
To mitigate this vulnerability, the researchers recommend that scanners be connected to networks through a proxy server, which will prevent an attacker from establishing a covert channel, at the expense of limiting remote printing and faxing on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT device,” said Nassi.
Professor Adi Shamir of the Department of Applied Mathematics at the Weizmann Institute conceived of the project to identify network vulnerabilities by establishing a clandestine channel in a computer network.