A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.
In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.
To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.
The Latest on: Cyberattack
via Google News
The Latest on: Cyberattack
- Office of Ohio Secretary of State targeted by cyberattackon November 26, 2019 at 8:06 pm
COLUMBUS, Ohio — The office of the Ohio Secretary of State Frank LaRose was the target of a cyberattack, according to an office spokesperson. Officials say the attack stemmed from a computer in Panama ...
- DiBella's finally notifies customers of cyberattack that happened more than a year agoon November 26, 2019 at 9:55 am
(WFSB) - A sandwich shop with several Connecticut locations warned customers that their financial information may have been at risk more than a year after a cyber attack. DiBella's Subs issued a ...
- DiBella's sub shops hit with cyberattackon November 26, 2019 at 6:58 am
Customers of DiBella’s Subs are being urged to check their credit and debit card bills after the company was hit with what authorities said was a highly sophisticated cyberattack carried out between ...
- Pemex Comms Still Spotty After Cyberattackon November 26, 2019 at 5:12 am
Some of Pemex's communication systems are still affected two weeks after a cyberattack hit Mexico's beleaguered state oil firm. (Bloomberg) -- Some of Petroleos Mexicanos’s communication systems are ...
- Man behind cyberattack on Long Beach company, SoCal school threats, pleads guilty to hacking and conspiracyon November 25, 2019 at 5:40 pm
LOS ANGELES — A member of a worldwide computer-hacking group pleaded guilty in Los Angeles on Monday to federal charges of making bogus shooting and bombing threats against schools both abroad and ...
- Louisiana motor vehicles offices reopening after cyberattackon November 25, 2019 at 4:05 pm
BATON ROUGE, La. (AP) — Eight regional locations for Louisiana’s Office of Motor Vehicles have reopened after a cyberattack crippled agency operations last week. Other branch locations will resume ...
- Pemex Communications Still Spotty After Crippling Cyberattackon November 25, 2019 at 1:14 pm
Some of Petroleos Mexicanos’s communication systems are still affected two weeks after a cyberattack hit Mexico’s beleaguered state oil firm. For some employees, internet access is limited, some ...
- Reports of Pemex cyberattack has U.S. companies taking precautionson November 25, 2019 at 10:00 am
American oil companies operating south of the border are stepping up their cybersecurity measures following reports of a ransomware attack that allegedly knocked out computers at Mexico's state-run ...
- Cyberattack potential puts pressure on record keeperson November 24, 2019 at 8:00 pm
"Some firms could not tell us what gaps in security they have found during a simulated cyberattack," he said. "Instead they simply reassured us that work was undertaken to close those gaps," he said.
via Bing News