A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.
In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.
To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.
The Latest on: Cyberattack
via Google News
The Latest on: Cyberattack
- TMON users hit by cyberattack again on December 16, 2018 at 10:15 pm
TMON has been in the hot seat since a group of shoppers using its online payment system fell prey to a cyberattack amid growing concerns over the e-commerce firm's cybersecurity, according to industry ... […]
- 'Break your silence', Odiyan director urges Manju amid cyberattack on December 16, 2018 at 12:33 am
As social media is abuzz with unwanted comments intended to tarnish 'Odiyan' movie, its director Shrikumar Menon has asked actor Manju Warrier to speak out on the issue. Shrikumar claimed he ... […]
- Cyber Saturday—IBM Quantum Computers, Facebook Photo Bugs, Multimillion-Dollar Cyberattack Disputes on December 15, 2018 at 6:33 pm
Thirty miles north of New York City, IBM scientists are inventing technologies destined to reshape reality. Inside the stark and sweeping Eero Saarinen-styled exterior of the Thomas J. Watson ... […]
- First Joint Cross-State HIPAA Breach Lawsuit Brought in Response to 2015 Cyberattack on December 14, 2018 at 3:46 pm
A lawsuit has been filed by the attorneys general of 12 states against a company called Medical Informatics Engineering (MIE) arising out of a 2015 data breach involving stolen medical records for mil... […]
- Schenectady County gov’t website knocked offline by cyberattack on December 14, 2018 at 9:00 am
Schenectady County, N.Y. had to shut down its government website as it tries to dig out from a cyberattack. TheDaily Gazette reported some operations were not affected by the malware, including 911 ce... […]
- NIAC Urges Preparation for Natural Disaster and Cyberattack on December 12, 2018 at 1:30 pm
A presidential advisory council found that existing national plans, response resources, and coordination strategies would be outmatched by a catastrophic power outage. The National Infrastructure Advi... […]
- Cyberattack sidelines Middle East servers of Italian energy contractor Saipem on December 12, 2018 at 12:17 pm
Italian oil and gas industry contractor Saipem S.p.A. has reportedly confirmed that a Monday cyberattack impacted its servers and infrastructure in the Middle East as well as in Scotland. The specific ... […]
- Chinese Hackers Reportedly Behind Marriott Cyberattack on December 12, 2018 at 8:06 am
Chinese hackers were behind the cyberattack that compromised the personal information of about 500 million Marriott hotel guests, according to a New York Times report that cited sources involved in th... […]
- Chinese hackers reportedly behind massive Marriott cyberattack that exposed information of up to 500 million customers on December 12, 2018 at 6:35 am
A Chinese intelligence-gathering effort is reportedly behind the massive cyberattack on a Marriott hotel chain, which exposed the personal information of up to 500 million customers. Two people briefe... […]
via Bing News