A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.
In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.
To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.
The Latest on: Cyberattack
via Google News
The Latest on: Cyberattack
- Klaussner recovers from cyberattack on February 18, 2019 at 1:51 pm
ASHEBORO, N.C. – Full-line furniture vendor Klaussner Home Furnishings has returned to normal operations after suffering a cyberattack last week. According to a statement from KFI CEO Bill Wittenberg, ... […]
- Australian government and opposition hacked in major cyberattack on February 18, 2019 at 9:03 am
Australia's Prime Minister Scott Morrison has revealed that in addition to the cyberattack launched against the Parliament House computer network several weeks ago, the country's political parties hav... […]
- Australia says cyberattack carried out by foreign government on February 18, 2019 at 8:50 am
A cyberattack on Australian lawmakers that breached the networks of major political parties was probably carried out by a foreign government, prime minister Scott Morrison said on Monday. He did not n... […]
- Australia blames parliamentary cyberattack on foreign agents on February 18, 2019 at 7:46 am
CANBERRA, Australia —A cyberattack on Australia’s parliament was carried out by foreign agents, Prime Minister Scott Morrison said, coinciding with a warning from the country’s top intelligence offici... […]
- Australia Blames a Foreign Government for the Cyberattack on Political Parties on February 18, 2019 at 4:44 am
Australian Prime Minister Scott Morrison on Monday accused a “sophisticated state actor” of carrying out a cyberattack that breached Parliament’s network and also affected major political parties, Reu... […]
- Australia government hit by major cyberattack on February 18, 2019 at 4:30 am
The Australian government suffered an “unprecedented” cyberattack a couple of weeks ago, and allegedly, it’s the work of a “sophisticated state actor”. The media are reporting that the attack targeted ... […]
- After DNC and France’s Macron, Australia becomes latest target of ‘state actor’ cyberattack on February 18, 2019 at 3:39 am
The months ahead of elections are the ones when liberal democracies tend to be most vulnerable. This has rarely been as pronounced as in recent years, with electoral divides widening across Europe and ... […]
- 'Sophisticated state actor' behind cyberattack on Australian parliament - Scott Morrison on February 18, 2019 at 12:58 am
A "sophisticated state actor" was behind a cyberattack on the Australian parliament's computing network, the country's prime minister has said. Scott Morrison did not identify the state behind what he ... […]
- Australia says foreign government behind cyberattack on lawmakers on February 17, 2019 at 8:46 pm
SYDNEY: A cyberattack on Australian lawmakers that breached the networks of major political parties was probably carried out by a foreign country, Prime Minister Scott Morrison said on Monday, without ... […]
via Bing News