Friday February 24, 2017

Hackers Can Steal Data by Observing Blinking LED Lights

For maximum security, corporations will air-gap their most sensitive data. Air-gap is when the PC isn't connected to the internet or other PCs connected to a network that can assess the internet. Sounds like a really protected PC that you can trust? Of course not!

In this age of industrial and international espionage, the Israelis have designed malware that when loaded onto the secure system will make the hard drive LED lights transmit the data on the system via Morse code. Then the data can be transmitted across great distances without the victim knowing. In the video below it is transferred via a drone that is using a camera to peer through a window from a parking lot at the corporation's complex. Could you imagine what data you could steal with a satellite and a mirror mounted on another building reflecting the LED light upwards to the heavens?

As far as speed goes, it can transmit 4,000 bits per second which is 10 times faster than conventional camera methods. Anyone want to do the math on how long to dump a 10 TB hard drive? Glad there are so many RGB lights on everything today. No security concerns there!

Like other air-gap attacks, one of the biggest hurdles that has to be overcome is getting malware onto the target computer. How do you install malware on a system that has no Internet connection? USB sticks and SD cards are the most common method, though both require a willing accomplice. That's not necessarily hard to find... if the job pays well enough.