posted by on Friday February 24 2017, @01:44PM
from the if-they-have-physical-access,-they-have-everything dept.

Apparently anything on a PC that makes noise or light is fair game for exploitation to breach air-gapped PCs.

Researchers at Ben-Gurion University of the Negev in Israel have disclosed yet another method that can be used to exfiltrate data from air-gapped computers, and this time it involves the activity LED of hard disk drives (HDDs).

Many desktop and laptop computers have an HDD activity indicator, which blinks when data is being read from or written to the disk. The blinking frequency and duration depend on the type and intensity of the operation being performed.

According to researchers, a piece of malware can indirectly control the LED using specific read/write operations. More precisely, the size of the buffer being written or read is proportional to the amount of time the LED stays on, while sleeping causes the LED to be turned off. Experts have determined that these LEDs can blink up to 6,000 times per second, which allows for high data transmission rates.

The state of the LED can be translated into "0" or "1" bits. The data can be encoded using several methods: LED on is "1" and LED off is "0" (OOK encoding), off and on is "0" and on and off is "1" (Manchester encoding, which is slower but more reliable), or on for a certain duration is "1" and on for a different duration is "0" (Binary Frequency Shift Keying).
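
To make the "slower but more reliable" trade-off concrete, here is an added example (not from the researchers or the quoted article) that models OOK and Manchester coding on abstract on/off time slots. The function names and the sample bit pattern are constructed for illustration, and B-FSK is left out.

```python
# Added illustration: LED states as abstract time slots (1 = on, 0 = off).
# It models the line codes only; nothing here touches a disk or an LED.

def ook_encode(bits):
    """OOK: one slot per bit, on = 1, off = 0."""
    return list(bits)

def manchester_encode(bits):
    """Manchester as in the summary: off,on = 0 and on,off = 1."""
    slots = []
    for b in bits:
        slots += [1, 0] if b else [0, 1]
    return slots

def manchester_decode(slots):
    """Return (bits, bad_pairs); a 0,0 or 1,1 pair is not a valid symbol."""
    bits, bad_pairs = [], []
    for i in range(0, len(slots) - 1, 2):
        pair = (slots[i], slots[i + 1])
        if pair in ((1, 0), (0, 1)):
            bits.append(pair[0])          # first slot of a valid pair is the bit
        else:
            bits.append(None)             # corrupted symbol, flagged not guessed
            bad_pairs.append(i // 2)
    return bits, bad_pairs

def longest_run(slots):
    """Longest stretch with no transition (no edge for a receiver to sync on)."""
    best = run = 0
    prev = None
    for s in slots:
        run = run + 1 if s == prev else 1
        best = max(best, run)
        prev = s
    return best

def flip(slots, i):
    """Copy of slots with slot i inverted, modelling one misread sample."""
    return slots[:i] + [slots[i] ^ 1] + slots[i + 1:]

SAMPLE_BITS = [1, 1, 1, 1, 0, 0, 0, 0]    # constructed test pattern

if __name__ == "__main__":
    ook, man = ook_encode(SAMPLE_BITS), manchester_encode(SAMPLE_BITS)
    print("slots used:", len(ook), "vs", len(man))
    print("longest run:", longest_run(ook), "vs", longest_run(man))
    print("one misread slot:", flip(ook, 3), "vs", manchester_decode(flip(man, 3)))
```

Manchester spends two slots per bit, which halves the rate, but it guarantees a transition in every bit and turns a misread slot into a visibly invalid pair, whereas the same misread in OOK silently becomes a different bit.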

A piece of malware that is installed on the targeted air-gapped device can harvest data and exfiltrate it using one of these encoding systems. As for reception and decoding, the attacker must find a way to observe the targeted device's activity LED, either using a local hidden camera, a high-resolution camera that can capture images from outside the building, a camera mounted on a drone, a compromised security camera, a camera carried by a malicious insider, or optical sensors.


  • (Score: 3, Interesting) by looorg on Friday February 24 2017, @02:02PM

    Tape to the rescue! So another part of the computer I have to put tape over then, first it was the camera and now I can't even show the blinking LEDs anymore. Come to think of it looking at my tower I don't even have showing LEDs anymore - Immunity! Just from memory I don't think I have been having blinking HD LEDs on the front of my tower for a really long time. There is one on my laptop, but it's very small and positioned so that my body should cover it from any drone hanging around behind me, and I think I would notice a drone hanging just above or behind me for a while unless they invent total stealth mode. Also won't it be fairly obvious if you have a drone hovering outside your window as it tries to read your computer?

  • (Score: 0) by Anonymous Coward on Friday February 24 2017, @02:39PM

    If you were just waiting for this article to think of taping over (or unplugging!) your computer's activity lights, you're doing it wrong.

    • (Score: 2) by bob_super on Friday February 24 2017, @05:25PM

      Well, you also need to tape over your screen, just in case some program displaying a gray dot is actually modulating the pixels to transmit data to anyone pointing a high-speed camera towards it.

      There's paranoia, and then there's stupidity. This is straight up stupid.

  • (Score: 0) by Anonymous Coward on Friday February 24 2017, @07:01PM

    If your computer's not airgapped, you probably wouldn't need to tape the LEDs -- if anyone manages to get malware running on your system to manipulate the HDD light, that malware can probably just send the data out over the network.

    If you are setting up an airgapped system, well, you might as well tape over (or better, remove/unplug) the HDD LEDs -- not because it's particularly likely to face malware attempting to exfiltrate data via HDD LED, but because if you make it categorically impossible, you don't have to assess how probable it is, and whether or not there's some place someone could mount a secret camera/receiver. (Note that direct line of sight to the LED is not needed -- if someone can look through a door or window, and see a diffuse reflection off a wall, that's good enough.)

  • (Score: 1) by Ethanol-fueled on Saturday February 25 2017, @12:42AM

    I taped it anyway, my power LED is blue and is pretty goddamn bright with the sleep-killing spectrum of light when at night.

    Next we'll have BIOS hackers attacking Gaymers by modulating their motherboard rainbow LEDs like this [wikipedia.org] or some shit.