A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.
In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.
To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.
The Latest on: Cyberattack
via Google News
The Latest on: Cyberattack
- Risk of 'deadly' cyberattack looms amid coronavirus outbreakon March 20, 2020 at 7:33 am
The coronavirus pandemic has increased the risk of cyberattack, the World Economic Forum has warned. Officials note that, with the world battling to contain the coronavirus outbreak, a cyberattack ...
- The Cybersecurity 202: Coronavirus pandemic makes U.S. more vulnerable to serious cyberattack, lawmakers warnon March 19, 2020 at 5:53 am
The United States is increasingly vulnerable to a cyberattack targeting hospitals, food supplies or other vital functions during the coronavirus pandemic, lawmakers and experts say. They're calling on ...
- Legal Tech Companies Shouldn't Rely on Rebranding After a Cyberattackon March 18, 2020 at 8:42 am
Announcing a cyberattack isn’t a milestone celebrated by any legal tech company. But cyber incidents occur in legal tech, like any other industry. Still, instead of rebranding and distancing itself ...
- One of the Czech Republic's biggest COVID-19 testing labs hit by cyberattackon March 18, 2020 at 4:03 am
The Brno University Hospital in the city of Brno, Czech Republic, has been hit by a misterious cyberattack.
- Barr: 'Severe' consequences if foreign government behind HHS cyberattack during coronavirus outbreakon March 17, 2020 at 7:27 pm
Attorney General William Barr vowed there would be “severe” consequences if a foreign country was behind the cyberattack against the Health and Human Services Department's website on Sunday or behind ...
- U.S. health agency was under cyberattack during its response to coronaviruson March 17, 2020 at 5:08 pm
The U.S Health and Human Services Department was targeted in a cyberattack over the weekend as the agency grapples with the coronavirus crisis, which has killed 69 people in the country as of Monday.
- Cyberattack hits US health agency during coronavirus pandemicon March 17, 2020 at 1:09 am
The U.S. Department of Health and Human Services was hit by a cyberattack right in the middle of the global coronavirus pandemic. The Sunday night attack, according to media reports, was aimed at ...
- Cyberattack hits U.S. health department amid coronavirus crisison March 16, 2020 at 5:13 pm
(Reuters) - The U.S. Department of Health and Human Services, a key part of the federal response to the fast-spreading coronavirus outbreak, was hit by an unspecified "cyber incident" on Sunday, ...
- US Department of Health suffers cyberattack designed to disrupt coronavirus responseon March 16, 2020 at 5:00 pm
The computer systems of the US Health and Human Service Department have suffered a cyberattack as part of a campaign of disruption and disinformation aimed at undermining the country's response to the ...
via Bing News