A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
The researchers conducted several demonstrations in which they transmitted a message to computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as a laser source on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.
In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.
To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.
“We believe this study will increase awareness of this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.