(Figure: KASTEL/KIT)īy directing laser light to already installed LEDs and recording their response, the researchers establish a hidden communication channel over a distance of up to 25 m that can be used bidirectionally (in both directions). Schematic representation of the hidden optical communication channel, via which a physically isolated system may be attacked. Light-emitting diodes (LEDs) can receiving light, although they are not designed to do so. “This hidden optical communication uses light-emitting diodes already build into office devices, for instance, to display status messages on printers or telephones,” explains Professor Christian Wressnegger, Head of the Intelligent System Security Group of KASTEL. The Intelligent System Security Group of KASTEL – Institute of Information Security and Dependability of KIT, in cooperation with researchers from TU Braunschweig and TU Berlin, have now demonstrated a new attack: With a directed laser beam, an adversary can introduce data into air-gapped systems and retrieve data without additional hardware on-side at the attacked device. ![]() Hidden Optical Channel Uses LEDs in Commercially Available Office Devices Moreover, they frequently allow for data exfiltration only, that is, receiving data. Previous attempts to bypass such protection via electromagnetic, acoustic, or optical channels merely work at short distances or low data rates. “Air-gapping” means that these systems have neither wired nor wireless connections to the outside world. Computers or networks in critical infrastructures are often physically isolated to prevent external access. This research project focuses on hidden communication via optical channels. ![]() Early December 2021, researchers of KIT, TU Braunschweig, and TU Berlin presented the LaserShark attack at the 37th Annual Computer Security Applications Conference (ACSAC). This sounds like a scene from the latest James Bond movie, but it actually is possible in reality. In addition to conventional information and communication technology security, critical IT systems need to be protected optically as well. With this, attackers can secretly communicate with air-gapped computer systems over distances of several meters. ![]() They show that data can be transmitted to light-emitting diodes of regular office devices using a directed laser. This is demonstrated by IT security experts of the Karlsruhe Institute of Technology (KIT) in the LaserShark project. Computer systems that are physically isolated from the outside world (air-gapped) can still be attacked.
0 Comments
Leave a Reply. |