A group of Israeli researchers has devised a new technique that can exfiltrate data from a PC on an air-gapped network using malware that is controlled through scanners.
The team is composed of Ben Nassi, a graduate student at the Cyber Security Research Center at Ben-Gurion University, and his advisor Yuval Elovici; the work is based on an idea of Adi Shamir, a prominent cryptographer.
Attackers can use this technique to establish a communication channel between malicious code running on a target machine in an air-gapped network and the attacker.
The technique leverages a flatbed scanner, which the researchers used to send commands to their malicious code running on the victim's network.
“Our method uses the light transmitted by the attacker to a flatbed scanner which is then extracted by malware installed in the organisation,” reads the paper published by the researchers. “The method we use exploits an organisation’s scanner which usually serves as a gateway to the specific organisation, to establish a covert channel between an attacker and a malware. The attacker controlling the light source can be located far away from the targeted scanner.”
To transfer data from an air-gapped network, the researchers used a light source near the scanner, which then receives all the commands.
The scanner detects reflected light on its glass pane, translates it into binary, and converts it into an image. Scanners are sensitive to any change of light in the surrounding environment, even when a sheet of paper is on the glass or when the light source is infrared.