A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.
In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.
To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.
The Latest on: Cyberattack
via Google News
The Latest on: Cyberattack
- Auditors found significant risks in BCPS network before ransomware cyberattackon November 27, 2020 at 1:17 pm
Maryland state auditors found significant risks within the Baltimore County Public Schools' computer network. The Office of Legislative Audits released the findings just days before a ransomware ...
- Threat Actors Spoofing Legitimate FBI Site Domains, Poses Cyberattack Riskon November 27, 2020 at 8:53 am
A recent FBI alert warned private sector organizations of an increase in internet domains spoofing legitimate agency sites, which poses the risk of future cyberattacks and other nefarious activities.
- North Korean hackers suspected of targeting vaccine maker AstraZeneca in cyberattack, Reuters reportson November 27, 2020 at 2:48 am
North Korean hackers are suspected to have carried out a cyberattack against British coronavirus vaccine developer AstraZeneca in recent weeks, Reuters revealed Friday, citing two unnamed sources with ...
- Patients of a Vermont Hospital Are Left ‘in the Dark’ After Cyberattackon November 27, 2020 at 2:45 am
At lunchtime on Oct. 28, Colleen Cargill was in the cancer center at the University of Vermont Medical Center, preparing patients for their chemotherapy infusions. A new patient will sometimes be ...
- BCPS IT officials trying to undo damage caused by ransomware cyberattackon November 26, 2020 at 3:18 pm
Baltimore County Public Schools information technology personnel are spending Thanksgiving trying to undo the damage caused by a ransomware cyberattack.
- Man United unable to fully restore systems after cyberattackon November 26, 2020 at 1:50 pm
Manchester United has been unable to fully restore its computer systems a week after being targeted in a cyberattack. The Premier League club's staff still did not have access to email on Thursday ...
- Truck routing provider Rand McNally hit by cyberattackon November 26, 2020 at 9:45 am
Chicago-based transportation technology firm Rand McNally is working on restoring network functionality following a cyberattack that hit its systems earlier this week.
- Patients of a Vermont Hospital Are Left ‘in the Dark’ After a Cyberattackon November 26, 2020 at 9:00 am
A wave of damaging attacks on hospitals upended the lives of patients with cancer and other ailments. “I have no idea what to do,” one said.
- UVM Medical Center restores electronic medical records nearly a month after cyberattackon November 25, 2020 at 12:51 pm
The UVM Health Network restored electronic medical records at UVM Medical Center as well as partially at Central Vermont Medical Center.
via Bing News