Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.
posted by janrinok on Wednesday December 29 2021, @06:41AM   Printer-friendly

Lasers have been demonstrated to be capable of all kinds of attacks, from breaking into a smart home to non-line-of-sight imaging. Researchers at Germany's Karlsruhe Institute of Technology (KIT), the Technical University of Braunschweig, and the Technical University of Berlin demonstrated that physically isolated (air-gapped) computer systems can be hacked using a directed laser:

The researchers found that hackers can communicate secretly with air-gapped computer systems over several meters of distance, using a directed laser to transmit data to the light-emitting diodes of traditional office devices without additional hardware at the attacked device. Their work was presented at ACSAC '21, the Annual Computer Security Applications Conference.

"The LaserShark project demonstrates how important it is to additionally protect critical IT systems optically next to conventional information and communication technology security measures," says KIT Professor Christian Wressnegger.

Full story at Kit.edu Originally spotted on The Eponymous Pickle.

Journal Reference:
Niclas Kühnapfel, Stefan Preußler, Maximilian Noppel, et al. LaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped Systems, (DOI: https://arxiv.org/abs/2106.04119)


Original Submission

Related Stories

A Single Laser Fired Through a Keyhole Can Expose Everything Inside a Room 10 comments

A Laser Fired Through a Keyhole Can Expose Everything Inside a Room:

Being able to see inside a closed room was a skill once reserved for super heroes. But researchers at the Stanford Computational Imaging Lab have expanded on a technique called non-line-of-sight imaging so that just a single point of laser light entering a room can be used to see what physical objects might be inside.

Non-line-of-sight (NLOS, for short) imaging is by no means a new idea. It’s a clever technique that’s been refined in research labs over the years to create cameras that can remarkably see around corners and generate images of objects that otherwise aren’t in the camera’s field of view, or are blocked by a series of obstacles. Previously, the technique has leveraged flat surfaces like floors or walls that are in the line of sight of both the camera and the obstructed object. A series of light pulses originating from the camera, usually from lasers, bounce off these surfaces and then bounce off the hidden object before eventually making their way back to the camera’s sensors. Algorithms then use the information about how long it took these reflections to return to generate an image of what the camera can’t see. The results aren’t high resolution, but they’re usually detailed enough to easily determine what the object in question is.

The first link in the story is to a 3m39s YouTube video demonstrating the process in operation.


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 2) by looorg on Wednesday December 29 2021, @07:00AM (4 children)

    by looorg (578) on Wednesday December 29 2021, @07:00AM (#1208427)

    The retrieving data part from blinking LEDs etc have been known for some time. I guess the new part here is that you can also then send data into the device via the same LEDs?

    But still if I have my supersecretairgappedcomputer why would I allow you within several meters of it with your laser? There won't be any windows in the room either nor any peons doing mundane office work. So not sure about the actual usability in that regard. Better to hack the low hanging fruits.

    That said "several" meters is a bit of an understatement, according to the KIT article it's up to 25 meters, even tho the image above that text indicates that it should be less then 20 meters (so between 65-80 feet). Still quite a bit further then a few.

    Also if you can insert commands or instructions into the machine via the diodes how do you halt the machines normal function and not make it crash? Does this only work on idle machines?

    At least they had the decency to call it the LaserShark project. So they do have a sense of humor about it.

    • (Score: 0) by Anonymous Coward on Wednesday December 29 2021, @01:19PM

      by Anonymous Coward on Wednesday December 29 2021, @01:19PM (#1208460)

      Maybe they saw your post and changed the image? It now says "> 20m" not less than.

    • (Score: 2) by mcgrew on Thursday December 30 2021, @04:21PM (2 children)

      by mcgrew (701) <publish@mcgrewbooks.com> on Thursday December 30 2021, @04:21PM (#1208714) Homepage Journal

      The retrieving data part from blinking LEDs etc have been known for some time. I guess the new part here is that you can also then send data into the device via the same LEDs?

      And how in the hell could THAT possibly work? I didn't bother with TFA because the blurb makes no sense at all. LEDs transmit light, they don't receive it. This looks like the article was written by someone completely clueless about how light, lasers, electricity, and computers work. How did this even get posted? Really unlike S/N.

      --
      A Black, Hispanic, or Muslim voting for Trump is like a Jew voting for Hitler
      • (Score: 0) by Anonymous Coward on Friday December 31 2021, @02:24AM

        by Anonymous Coward on Friday December 31 2021, @02:24AM (#1208878)

        Incorrect. The junction in an LED will, in fact, convert photons to electronic potential.

      • (Score: 0) by Anonymous Coward on Friday December 31 2021, @02:28AM

        by Anonymous Coward on Friday December 31 2021, @02:28AM (#1208881)

        While LEDs are designed to emit light and can thus unnoticeably encode information through high-frequency flickering, their ability to also perceive light is largely unknown in the security community. In particular, by directing a laser on the LEDs of office devices, we induce a measurable current in the hardware that can be picked up by its firmware and used to receive incoming data.

        From TFP (the ACM one).

        This is well known to physicists and EEs, and highly unknown for some reason in the software security domain.

  • (Score: 4, Informative) by Mojibake Tengu on Wednesday December 29 2021, @07:49AM (2 children)

    by Mojibake Tengu (8598) on Wednesday December 29 2021, @07:49AM (#1208437) Journal

    This quite old trick is possible on any device where some LED indicator is (cheaply) driven directly by a GPIO port bit, which is usually configured as output for standard operation of said indicator but may be reconfigured as input in software as well.

    Depends on specific circuitry, but usually that works for many HW platforms, including SoCs and microcontrollers.
    Usually, on famous hardware the GPIO is accessible from userspace as a device, in most universal operating systems such as Linux of BSD.
    Of course, prerequisite software injection method for the platform is necessary to change behavior of a GPIO but that's usually the least problem today.

    My mitigation would be: hook a discrete transistor as a LED driver and a diode before that on such GPIO bit to force it one-way only. Contradicts "cheaply".

    --
    Rust programming language offends both my Intelligence and my Spirit.
  • (Score: 1, Informative) by Anonymous Coward on Wednesday December 29 2021, @08:36AM (2 children)

    by Anonymous Coward on Wednesday December 29 2021, @08:36AM (#1208442)

    This attack must be prepared in advance as it (obviously?) only works on systems that have been infiltrated before installation, i.e. it requires a supply-line attack first. You cannot take a fresh printer bought directly from a non-complicit supplier and use that for an attack. This means that an attack needs to work on several levels as it requires the peripheral to be modified and similarly the computer, all before they are installed (unless you have an inside accomplish), which to a great extent makes this attack more of an academic exercise than a relevant attack vector.

    • (Score: 0) by Anonymous Coward on Wednesday December 29 2021, @03:29PM

      by Anonymous Coward on Wednesday December 29 2021, @03:29PM (#1208478)

      If you're trying to read an LED from outside the room wouldn't it require windows?

    • (Score: 0) by Anonymous Coward on Thursday December 30 2021, @08:55AM

      by Anonymous Coward on Thursday December 30 2021, @08:55AM (#1208641)

      1) all attacks are "academic" before being packaged, moot point.

      and yet, in the new printer example my first target would be wireless chipset.

      both baseband, encryption, frame buffer handling and everything in between is full of tasty bugs/features.

      Led handling code would never be examined, cos several better flaws would be found before you ever get around to it.
      Maybe if there isnt any way in,... but that isnt possible.
      Like there will go like 30 years (in internet time) more before they (mainstream dummies) wise up to sub protocol attacks...

      Why would you need to hassle poor stressed people in the supply chain, when they have helpfully built all the necessary code into their "products"....

      2) "This means that an attack needs to work on several levels as it requires the peripheral to be modified and similarly the computer" - no.

      This just means, that leds can be used to network computers without marks seeing it in their GUI.
      dont have to build whole attack chain from this one side channel.

      I mean, when Broadcom or Quallcom start making lifi chips, yes you'll be able to take control of whole system by this channel, and run your code in the rings -4 to -5, lol.
        im sure of it.
      but in this particular case, meh.

  • (Score: 0) by Anonymous Coward on Thursday December 30 2021, @05:52AM

    by Anonymous Coward on Thursday December 30 2021, @05:52AM (#1208622)
  • (Score: 1) by pTamok on Thursday December 30 2021, @07:14PM

    by pTamok (3042) on Thursday December 30 2021, @07:14PM (#1208757)

    Frankly, I'm astonished this isn't from the Cyber-Security group at the Ben-Gurion University of the Negev. They've been doing this kind of stuff for years. Just take a look at their home page:

    https://cyber.bgu.ac.il/ [bgu.ac.il]

(1)