Saturday, February 25, 2017

Ben-Gurion University of the Negev hack Air-gapped computer using Hard-drive LED

“Our method compared to other LED exfiltration is unique, because it is also covert. The hard drive LED flickers frequently, and therefore the user won't be suspicious about changes in its activity”

Dr. Mordechai Guri, head of R&D at the Cyber Security Research Center on their discovery of stealing data using hard-drive pulses

Folks, it is totally possible for hackers to steal data from a computer that is not connected to a computer.

Researchers at the BGU (Ben-Gurion University) of the Negev at the Cyber Security Research Center hacked a computer using the pulses of light on the LED drive as reported in article “Cameras can steal data from computer hard drive LED lights: study”, published February 22, 2017, Physorg.

Google Logo

Dr. Guri and the Cyber Security Research Center are super famous, having done a number of studies to demonstrate various techniques for hacking air-gapped computers. They even hacked such supposedly secure devices using computer speakers and fans, FM waves and heat given off by the machine and transmitted the data.

Clearly every vibration that a computer gives off can be used to read data, even the Bluetooth mice and keyboards as researchers at cyber security  Bastille Networks as noted in my blog article entitled “How Bastile's US$12 Geetech Crazyradio Bluetooth dongle can hack Wireless Keyboards and Mice”.

So how did they do it?

Ben-Gurion University and Air-gapped computers – Li-Fi can be a hacking tool via a drone

The researchers read data from a "air-gapped" computer using various types of cameras and light sensors. Air-gapped computers are isolated—separated both logically and physically from public networks.

Simply put, they machines not connected to the internet and thus cannot be hacked over the internet or via a company Internet. You have to get up close and personal and hack the machines, Mission Impossible Style. Just like in the movie, these machines are used to store an organization's most sensitive and confidential information.


The researchers demonstrated that data can be received by a Quadcopter located outside a window with line-of-sight of the air-gapped computer as noted in the article “Hackers circumvent 'air gap' security with a drone that 'reads' the lights on a computer”, published February 24, 2017 by Luke Dormehl, DigitalTrends.

Using a regular LED Lights found on most PC's and Laptops, they installed malware on the Hard-Drive that rapidly flipped the LED's on and off.


This occurred at a rate faster than the human eye can see and reminds me a lot of transmission of PureLiFi using LED Lasers as noted in my blog article entitled “Why pureLiFi Solar Powered Li-Fi is coming to Apple iPhone with 5G Internet by 2020”.  

This means that highly sensitive information can be encoded and leaked via LED signals and read by any reader device in range, even a sensors loaded on a Quadcopter mounted with remote cameras or light sensors.


No comments:

Post a Comment

Please register and leave you comments. For contact, leave an email or phone number and I'll be sure to get back to you.