Hackers Control Air-Gapped Malware Using Scanners

  •  
  •  
  •  
  •  
  •  
  •  
  •  

Researchers have recently published a paper which describes how a piece of malware planted in an air-gapped network can be controlled remotely using an office scanner and a light source, such as a laser or a smart bulb.

The method of using scanners to jump the air gap was first summarised back in 2014 at the Black Hat Europe conference by Adi Shamir, professor of Applied Mathematics at the Weizmann Institute of Science and one of the inventors of RSA algorithm. Shamir along with Ben Nassi and Yuval Elovici have now published a detailed research paper on the attack method.

Many experiments conducted by these experts show that attacker can send a bunch of commands to a piece of malware present on an isolated machine just by pointing a light source at a connected flatbed scanner which has its lid open from outside the building which is housing the device.

This malware can be programmed to start scans at a specified date and time when attacker starts sending these commands. The researchers have pointed out that only the first scan date should be set as the subsequent dates can be supplied with each attack.

These commands are transmitted in the form of pulses from a laser or any other different light source because a 0 bit is sent when it’s off and 1 bit is transmitted when the light source is on. The light source can be an invisible infrared laser or a visible laser, this makes the attack stealthier.

The laser attack works if there is a clear line of sight from the outside of the building to the scanner. If the view is blocked by a curtain or a wall, the attacker can remotely hijack a smart bulb located in the same room as the targeted scanner and use it to send the signals.

source: securityweek

 

 

The following two tabs change content below.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Do NOT follow this link or you will be banned from the site!