Air-gapped computers aren't physically connected to any network and so should be protected from remote hackers. However, Stuxnet showed air-gaps can be breached. Besides that, an insider could always insert a USB drive into an air-gapped computer.

Security researchers from Israel's Ben Gurion University have just demonstrated that if an attacker did manage to infect an air-gapped computer, they could steal data semi-remotely at their leisure by using a camera to capture signals from the LED lights of its hard-disk drive (HDD). The LEDs flicker when the drive is undergoing read and write operations, but can be made to transmit data visually.

As Wired reports, the malware that the researchers devised can force an HDD LED to blink 6,000 times per second. If those lights are visible from a window, a camera-equipped drone or telescopic lens can capture the signals at a distance.

The researchers explain in a new paper that data can be leaked from HDD LEDs at a rate of 4kbps. That speed is incredibly slow by today's USB standards, but it's more than enough to steal encryption keys or text and binary files. According to the researchers, it's an impressive 10 times faster than previous optical covert channels for leaking data from air-gapped computers.

"We found that the small hard-drive indicator LED can be controlled at up to 6,000 blinks per second. We can transmit data in a very fast way at a very long distance," Ben-Gurion researcher Mordechai Guri told Wired.

The beauty of the attack is that HDD LED lights blink anyway, making it easy to conceal that the infected machine is actually transmitting data.

"Our method compared with other LED exfiltration is unique, because it is also covert," Guri said. "The hard-drive LED flickers frequently, and therefore the user won't be suspicious about changes in its activity."

Guri's other malware-based attacks on air-gapped computers have shown that data can be leaked from a computer's speakers and fans, FM waves, and heat. The encoding scheme they used to transfer data from the HDD LEDs is called on-off keying, which is just one method of visible light communication.

LED-it-GO: Leaking (a lot of) Data from Air-Gapped Computers via the (small) Hard Drive LED, by Mordechai Guri and 3 other authors

Abstract: In this paper we present a method which allows attackers to covertly leak data from isolated, air-gapped computers. Our method utilizes the hard disk drive (HDD) activity LED which exists in most of today's desktop PCs, laptops and servers. We show that a malware can indirectly control the HDD LED, turning it on and off rapidly (up to 5800 blinks per second) - a rate that exceeds the visual perception capabilities of humans. Sensitive information can be encoded and leaked over the LED signals, which can then be received remotely by different kinds of cameras and light sensors. Our method is unique, because it is also covert - the HDD activity LED routinely flickers frequently, and therefore the user may not be suspicious to changes in its activity. We discuss attack scenarios and present the necessary technical background regarding the HDD LED and its hardware control. We present various data modulation methods and describe the implementation of a user-level malware, that doesn't require a kernel component. During the evaluation, we examine the physical characteristics of different colored HDD LEDs (red, blue, and white) and tested different types of receivers: remote cameras, extreme cameras, security cameras, smartphone cameras, drone cameras, and optical sensors. Finally, we discuss hardware and software countermeasures for such a threat. Our experiment shows that sensitive data can be successfully leaked from air-gapped computers via the HDD LED at a maximum bit rate of 4000 bits per second, depending on the type of receiver and its distance from the … Notably, this speed is 10 times faster than the existing optical covert channels for air-gapped computers. … of encryption keys, keystroke logging, and text and binary files.