You know that blinking light on your hard-disk drive (HDD) that tends to flicker non-stop? Well, it could be used to steal data from your computer, without you even knowing it was happening.
Security researchers from Ben Gurion University in Israel recently demonstrated an attack in which they infected a target machine with malware that was able to control the LED, and cause it to blink in a pattern which transmitted encoded data from the machine. What’s worse is that the sensitive data was leaked from an air-gapped computer, the research report said.
As noted by ZDNet’s Liam Tung, an air-gapped machine is one that is physically isolated from unsecure networks and, in theory, is harder to hack. However, that doesn’t mean that it is impossible to exfiltrate the computer’s data, as shown in this demonstration.
In a YouTube video put together by the researchers, a drone with a camera is flown up multiple stories outside of an office building until it locates the blinking HDD LED. Once it is in the line of sight of the LED, it records the blinks and steals the data.
According to the research report, the LED can be forced to blink at up to 5800 blinks per second, a rate the human eye cannot perceive. Even if it could, the LED blinks frequently in normal operation. This makes the attack covert: a user would be unlikely to notice it.
“Our experiment shows that sensitive data can be successfully leaked from air-gapped computers via the HDD LED at a maximum bit rate of 4000 bit/s (bits per second), depending on the type of receiver and its distance from the transmitter,” the report said. “Notably, this speed is 10 times faster than the existing optical covert channels for air-gapped computers. These rates allow fast exfiltration of encryption keys, keystroke logging, and text and binary files.”
Citing other research, the report noted that the computer LED could be detected by certain cameras from 30 meters away or further. The report cited three main methods for encoding the data: on-off keying (OOK), Manchester encoding, and Binary Frequency Shift Keying (B-FSK).
The researchers looked at multiple cameras and sensors, most of which performed with differing bit rates and bandwidths.
A host of different countermeasures were presented. Procedurally, concerned businesses could ban cameras, cover or disconnect LEDs, and shield windows. On the technological side of things, businesses can invest in LED activity monitoring software, an LED activity monitoring camera, or signal jamming software.
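As an added illustration of what LED activity monitoring could check (this is not code from the researchers or their report), the Python sketch below flags an LED trace whose on/off durations all fall on multiples of one fixed symbol period, the signature that OOK or Manchester keying leaves and that irregular disk activity does not. The sample traces are constructed, and the sampling rate, jitter tolerance, alert threshold and all function names are assumptions; B-FSK, which uses two frequencies, would need a different test.

```python
import random
from itertools import groupby

MIN_PERIOD = 10        # assumption: sensor takes >= 10 samples per symbol
TOLERANCE = 1          # assumption: up to 1 sample of timing jitter
ALERT_THRESHOLD = 0.9  # assumption: share of clock-aligned runs that raises an alert

def run_lengths(samples):
    """Collapse a 0/1 LED trace into the lengths of its on/off runs."""
    return [len(list(group)) for _, group in groupby(samples)]

def clock_alignment(runs, max_period=64):
    """Return (period, share of runs within TOLERANCE of a multiple of period)."""
    best = (None, 0.0)
    for period in range(MIN_PERIOD, max_period + 1):
        hits = 0
        for r in runs:
            k = round(r / period)
            if k >= 1 and abs(r - k * period) <= TOLERANCE:
                hits += 1
        share = hits / len(runs)
        if share > best[1]:
            best = (period, share)
    return best

def looks_keyed(samples, min_runs=20):
    """True when LED activity follows a fixed symbol clock (OOK/Manchester-like)."""
    runs = run_lengths(samples)[1:-1]  # edge runs may be cut off by the capture window
    return len(runs) >= min_runs and clock_alignment(runs)[1] >= ALERT_THRESHOLD

def manchester_trace(bits, period=12):
    """Constructed keyed trace: 1 -> on,off and 0 -> off,on, `period` samples each."""
    out = []
    for bit in bits:
        for level in ((1, 0) if bit else (0, 1)):
            out.extend([level] * period)
    return out

def bursty_trace(n_runs=300, seed=7):
    """Constructed stand-in for ordinary disk activity: irregular run lengths."""
    rng = random.Random(seed)
    out = []
    for i in range(n_runs):
        out.extend([i % 2] * rng.randint(1, 200))
    return out

KEYED = manchester_trace([1, 0, 1, 1, 0, 0, 1, 0] * 8)
NORMAL = bursty_trace()
```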
The 3 big takeaways for TechRepublic readers
- Ben Gurion University researchers recently demonstrated an ability to steal data from an air-gapped computer by controlling its hard drive LED light.
- The data can be leaked at up to 4000 bits per second, which is fast enough to exfiltrate an encryption key, for example.
- Businesses can cover their hard drive LEDs, or purchase software or cameras to monitor their activity, to counter such attacks.
Source: SANS ISC SecNewsFeed @ February 23, 2017 at 12:51PM