WARNING - Hackers Can Steal Data by Watching a Computer’s Blinking LED (Windows and Linux)

in #tech8 years ago

THERE is a new spy technique that allows getting important data from a computer by watching the LED light of the hard drive using a drone. It was developed by researchers at the cybersecurity laboratory at Ben-Gurion University of the Negev in Berbesá, Israel, and could even affect computers that are physically separated from a network considered insecure - a security technique known as "air gap".


source

THE team of researchers has created a technique that uses a drone to catch the blinking of LED lights from a computer's hard drive - a light that exists on almost every Linux and Windows machine. By analyzing the flashing lights - which, depending on speed and pattern, can be decoded almost like Morse code - hackers are able to access sensitive information stored on the machine, such as decryption passwords (among other things), even if the computer is physically isolated from a network that may be perceived as unsafe.

THE "air gap", or the separation of a computer from a network, either physically or by encryption, was considered (so far) one of the most effective ways to increase the security of a machine. The computer, being completely isolated, would theoretically prevent hackers from accessing it. But researchers at the University of Bem-Gurion have now come to detect a flaw in this system. If a hacker really wants to attack a computer that is isolated, he can do so with the help of a drone.

cb16-airgap-security-stateoftheart-attacks-analy
source

BUT there is something that must be done first: the attacker must be able to infect the computer with malware, for example, by paying someone with direct access to the machine to infect it with a USB device or an SD card.

THIS malicious software will gain access to the machine and can manipulate it. However, until now, could not overcome the issue of transmitting information from a computer that is not connected to a network.

"If an attacker has a foothold in your air-gapped system, the malware is still able to send the attacker out", Mordechai Guri, a researcher at Ben-Gurion University, told Wired. "We found that the small hard drive LED indicator can be controlled up to 6,000 blinks per second. We can transmit data in a very fast way at a very long distance. ", explains the researcher.

HARD disk light flashes whenever a program attempts to access the hard disk and every time it archives information. It even flashes when the computer is in hibernation. "The LED is always blinking as it's doing searching and indexing, so no suspects, even in the night", Guri said. "It's very covert, actually."



THE malicious software program may cause the LED to blink for less than a fifth of a millisecond - and these quick signals can be used to send messages to a variety of cameras and light sensors from an infected computer. During the tests, the team was able to move data at a speed of 4000 bits per second, or one megabyte every half hour. It may not even sound like much - and it's not - but it's fast enough to steal an encryption password in a matter of seconds.

THIS is where the drone comes into play. The blinking of LED lights can be seen from a distance (with a powerful telescope, for example), but using a drone offers the possibility to record the blinking of the LED lights and repeat the recording to exhaustion, managing to retrieve as much information as possible.



THE camera used for recording must be suitable. Since the malware can cause the light to blink so briefly that it becomes undetectable by the human eye, the camera must be fast enough to capture it. In this case, the researchers realized that a Siemens photodiode sensor was the best choice because it was the one that captured the high-frequency light, which allowed them to reach a transmission speed in the order of 4000 bits per second.



BUT there is good news: it is possible to protect a computer from such attacks. Researchers suggest putting computers more sensitive in rooms without windows, or protecting windows with a type of glass that hides light signals. Alternatively (or at the same time) software can be used that inserts random signals in the blink of the LED light, creating noise and entropy and making the work of hackers impossible.

THERE is a much simpler and obvious way - and that, in fact, is already used by the more cautious on the webcams of laptops. Hackers can not decode the signals they can not see. Therefore, the simplest way of protection against such attacks is to cover the LED light with a dark tape. It is worth remembering that most computers that are used daily are linked to a network and therefore more vulnerable.



Refrences:

U5dtwrEWanaYvPSm2U9SjyrS9wcQH4t


Sort:  

@pipokinha, your post has been chosen by @STEEMNEWS.ONLINE as one of today's promoted posts for its excellent content. We've upvoted, resteemed and published it through Facebook & Twitter.

As the author of a SNO featured article, you've been awarded one TRAIL coin. Please stop by the SteemTrail Discord server to learn more about how to claim your TRAIL coin. You will need an Open Ledger account to do so.

STEEMNEWS.ONLINE is the @SteemTrail for #news and watches the #steemnews tag most closely. Please consider supporting excellent news articles by making steemnews.online one of your operators on Streemian, in addition to steemtrail.

Thank you for your hard work and contribution of excellent content to Steemit.

If you would rather not be promoted by STEEMNEWS.ONLINE, please inform us by replying to this comment and we will honor your request.

That's badass. I've also been reading that there's some research going on intercepting infrared waves from phones and such to decode what's going on there from the info from the waves.

dude....the first time I read the title I thought it said "markers can steal data by watching a commuters blinking Led hahaha

Very clever. I love these kinds of exploits, because they don't follow expectations or obey the normal "rules."

Very impressive, but just like with hackers who can get into a persons laptop and so on to spy on them through a webcam if it's a persistent problem it can be solved by putting some black masking tape over the thing or for that matter just keeping your computer away from the window and out of sight. This reminds me of when I first learned about BIOS beep codes, I had no idea that the little startup noise I was hearing was actually a set of signals.

Coin Marketplace

STEEM 0.18
TRX 0.16
JST 0.029
BTC 76470.55
ETH 3079.00
USDT 1.00
SBD 2.62