A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.
In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.
To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.
The Latest on: Cyberattack
via Google News
The Latest on: Cyberattack
- Lawrenceville police investigate cyberattack on department's computerson July 19, 2019 at 2:57 pm
LAWRENCEVILLE, Ga. (FOX 5 Atlanta) - The city of Lawrenceville confirmed Friday afternoon some of their police computer systems came under a cyberattack this past weekend. The attack started overnight ... […]
- Henry County, Ga., Says No Ransom Demanded in Cyberattackon July 19, 2019 at 9:59 am
(TNS) — Henry officials struggled through a second day of an apparent cyberattack on Thursday that dismantled county services and forced staff to pull out typewriters and switch to paper forms, after ... […]
- 62 colleges hit by cyberattackon July 18, 2019 at 8:00 am
— The Education Department issued a warning about the "active and ongoing exploitation" of a security flaw with a popular technology product used by colleges to manage student information, financial ... […]
- San Francisco on high alert after cyberattack on Asian Art Museum computerson July 17, 2019 at 5:25 pm
SAN FRANCISCO (KGO) -- The ransomware attack on the Asian Art Museum foundation's computer system in May raised alarms at San Francisco City Hall. "It has re-elevated the conversation at City Hall ... […]
- Data of Nearly Every Adult in Bulgaria Likely Stolen in Cyberattackon July 17, 2019 at 10:00 am
Someone stole the personal and financial information of millions of Bulgarian taxpayers—likely the majority of the adult population. Bulgaria police head of cybersecurity Yavor Kolev said on ... […]
- Data of Nearly All Bulgarians Stolen in Cyberattackon July 17, 2019 at 6:29 am
The data of 5 million Bulgarians has been compromised after a major cyberattack on the National Revenue Agency (NRA), the country's tax reporting service. According to Capital, a weekly newspaper in ... […]
- Terrorism, cyberattack ruled out as cause of Manhattan power outageon July 15, 2019 at 3:26 pm
Power was restored to the heart of New York City after a major outage Saturday impacted an estimated 72,000 customers, mostly in Manhattan's midtown and Upper West Side. Con Edison said it completed ... […]
- Did An Iranian Cyberattack Force A Military Spy Satellite To Drop From The Sky?on July 12, 2019 at 7:59 am
An investigation has been launched by the European Space Agency (ESA) and French aerospace group Arianespace into the failed launch of a rocket carrying a military spy satellite into space for the ... […]
- Questions about U.S. cyberattack blowbackon July 10, 2019 at 7:14 am
Editor's Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m. To ... […]
via Bing News