WHY THIS MATTERS IN BRIEF
- Air-gapped systems are used to hold and protect top secret data, and the number of demonstrated ways to leak data out of them keeps growing
Air-gapped computer systems have always held a special fascination for hackers, firstly because of the challenge of compromising a machine that is logically and physically isolated from every other system, and secondly, and probably more importantly, because of the classified and sensitive data they hold. Air-gapped systems are, after all, standard practice in organisations such as defence, government and national security agencies that create and collect highly sensitive, top secret information.
Over the past twelve months we have seen several new techniques for stealing information from these isolated systems, from listening to the sounds hard drives make to malware that uses microphones to carry data across the air gap.
Now security researchers in Israel have demonstrated, for the first time, that data can also be stolen from these systems by making the LEDs on the front of the case blink and reading those blinks from a distance, and to prove it they enlisted a drone.
Researchers from Ben Gurion University recently demonstrated an attack in which they infected an air-gapped machine with malware that controls the hard drive activity LED and makes it blink in a pattern that transmits encoded sensitive data out of the machine, much like Morse code.
In a YouTube video put together by the researchers, a camera-equipped drone is flown up the outside of a multi-storey office building until it locates the blinking HDD LED; once it has line of sight to the LED, it records the blinks and recovers the data.
According to the researchers' report, the LED can be made to blink at up to 5,800 times per second, well beyond what the human eye can resolve. Even at visible rates the attack stays covert: an HDD LED flickers constantly during normal disk activity, so a user has no reason to notice anything unusual.
“Our experiment shows that sensitive data can be successfully leaked from air-gapped computers via the HDD LED at a maximum bit rate of 4,000 bits per second – depending on the type of receiver and its distance from the transmitter,” the report said. “Notably, this speed is 10 times faster than the existing optical covert channels for air-gapped computers. These rates allow fast exfiltration of encryption keys, keystroke logging, and text and binary files.”
Citing other research, the report noted that the computer's LED could be detected by certain cameras from 30 metres away or further. To encode the data, the report describes three modulation schemes: On-Off Keying (OOK), in which a 1 bit turns the LED on for a bit period and a 0 leaves it off; Manchester encoding, in which every bit is sent as an on-to-off or off-to-on transition so the receiver always sees edges to lock onto; and Binary Frequency Shift Keying (B-FSK), which signals the two bit values with two different blink frequencies.
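As an added illustration (this is not code from the article or from the Ben Gurion researchers), the following Python simulates the two simplest line codes the report names, OOK and Manchester, on a list of LED samples, and includes a toggle-rate check of the kind the article later lists among the countermeasures under LED activity monitoring. The sample payload, the four-samples-per-bit setting, the Manchester polarity convention and the monitor threshold are all assumptions made for the example; nothing here drives a real LED or touches a disk.

```python
"""Simulation of OOK and Manchester line codes over an LED covert channel.

Added example, not from the LED-it-GO paper or the article. Signals are
plain lists of LED samples (1 = on, 0 = off) as a camera might capture them.
"""

from typing import List

SAMPLES_PER_BIT = 4  # assumption: camera frames captured per transmitted bit


def bytes_to_bits(data: bytes) -> List[int]:
    """MSB-first bit list for a byte string."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits: List[int]) -> bytes:
    """Inverse of bytes_to_bits; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def ook_encode(data: bytes, spb: int = SAMPLES_PER_BIT) -> List[int]:
    """On-Off Keying: a 1 bit holds the LED on for a bit period, a 0 keeps it off."""
    return [bit for bit in bytes_to_bits(data) for _ in range(spb)]


def manchester_encode(data: bytes, spb: int = SAMPLES_PER_BIT) -> List[int]:
    """Manchester: every bit is a transition, so the receiver always sees edges.
    Polarity used here is an assumption: 1 = on then off, 0 = off then on."""
    half = spb // 2
    samples: List[int] = []
    for bit in bytes_to_bits(data):
        first, second = (1, 0) if bit else (0, 1)
        samples += [first] * half + [second] * (spb - half)
    return samples


def _majority(window: List[int]) -> int:
    return 1 if sum(window) * 2 > len(window) else 0


def ook_decode(samples: List[int], spb: int = SAMPLES_PER_BIT) -> bytes:
    """Majority vote over each bit period, so a single corrupted frame is absorbed."""
    bits = [_majority(samples[i:i + spb])
            for i in range(0, len(samples) - spb + 1, spb)]
    return bits_to_bytes(bits)


def manchester_decode(samples: List[int], spb: int = SAMPLES_PER_BIT) -> bytes:
    """Compare the on-time of the two half periods; the transition direction is the bit."""
    half = spb // 2
    bits = []
    for i in range(0, len(samples) - spb + 1, spb):
        on_first = sum(samples[i:i + half])
        on_second = sum(samples[i + half:i + spb])
        bits.append(1 if on_first > on_second else 0)
    return bits_to_bytes(bits)


def transmit_time_seconds(nbytes: int, bits_per_second: int) -> float:
    """Seconds needed to push a payload at a given channel rate (the report's maximum is 4,000 bps)."""
    return nbytes * 8 / bits_per_second


def flag_abnormal_activity(samples: List[int], frames_per_second: int,
                           max_toggles_per_second: float) -> bool:
    """Countermeasure sketch: count on/off transitions per second of captured frames.
    Normal disk activity is bursty; a modulated stream toggles at a sustained, high rate.
    The threshold is an assumption and would need tuning against a real baseline."""
    toggles = sum(1 for a, b in zip(samples, samples[1:]) if a != b)
    seconds = max(len(samples) / frames_per_second, 1e-9)
    return toggles / seconds > max_toggles_per_second


if __name__ == "__main__":
    secret = b"KEY:0xDEADBEEF"  # constructed sample payload, not real data
    ook = ook_encode(secret)
    ook[5] ^= 1  # one corrupted frame; the majority vote absorbs it
    print("OOK round trip ok:", ook_decode(ook) == secret)
    man = manchester_encode(secret)
    man[2] ^= 1  # one corrupted frame inside a half period; still decodes
    print("Manchester round trip ok:", manchester_decode(man) == secret)
    print("256-byte key at 4000 bps takes", transmit_time_seconds(256, 4000), "s")
    print("monitor flags OOK stream:",
          flag_abnormal_activity(ook, frames_per_second=4000, max_toggles_per_second=200))
```

The decoders assume the receiver is already bit-aligned with the transmitter; a real implementation would prepend a known preamble and search for it to recover the bit boundaries, which is one reason the report favours Manchester coding, whose guaranteed mid-bit transition makes that alignment easier to hold.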
The technique is unlikely to work against the most hardened environments, such as NSA systems housed in underground data centres with no line of sight to any camera, but it remains a viable way to pull data out of the many commercial organisations, banks and energy companies among them, that run isolated machines in ordinary offices with windows.
To protect themselves, organisations can ban cameras from sensitive areas, cover or disconnect the LEDs and shield windows, and deploy LED activity monitoring, either software that watches the disk activity driving the LED or a camera pointed at the LED itself, or software that jams the channel by generating random disk activity of its own.
Ultimately the new technique is one more step in the ongoing game of one-upmanship between attackers and defenders, but it is also another threat that organisations now have to account for and that did not exist before.