A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.
In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.
To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.
Learn more: Scanners Can Be Hijacked to Perpetrate Cyberattacks
[osd_subscribe categories=’cyberattack’ placeholder=’Email Address’ button_text=’Subscribe Now for any new posts on the topic “CYBERATTACK”‘]
The Latest on: Cyberattack
[google_news title=”” keyword=”cyberattack” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
via Google News
The Latest on: Cyberattack
- Senegal government websites hit by cyberattackon May 28, 2023 at 9:07 am
A cyberattack purportedly claimed by the Anonymous hacking group took down dozens of government websites in Senegal, where tensions are simmering nine months before a presidential election, officials ...
- Senegalese government websites hit with cyberattackon May 27, 2023 at 9:21 am
A computer keyboard lit by a displayed cyber code is seen in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo ...
- Cyberattack targets government websites in Senegalon May 27, 2023 at 9:10 am
A cyberattack allegedly carried out by a group with links to hacker group Anonymous paralyzed Senegalese government websites on Friday ...
- Auto parts maker Denso targeted in ransomware cyberattackon May 26, 2023 at 5:00 pm
Hackers targeted major auto parts manufacturer Denso Corp. in a ransomware cyberattack in late December, but company officials said the incident has not affected business operations. A hacker ...
- China’s Latest Cyberattack Is an Active Threat to Critical US Infrastructureon May 26, 2023 at 1:46 pm
China’s latest cyberattack is a threat to critical U.S. infrastructure and signals it intends to disrupt civil society.
- Sysco hit by cyberattack, theft of customer dataon May 26, 2023 at 9:19 am
Sysco revealed earlier this month that it was the victim of a cybersecurity attack, with the perpetrators possibly stealing social security numbers of some employees and financial information of some ...
- BlackByte ransomware claims City of Augusta cyberattackon May 26, 2023 at 6:27 am
The city of Augusta in Georgia, U.S., has confirmed that the most recent IT system outage was caused by unauthorized access to its network.
- Italy's Industry Ministry reports 'heavy' cyberattackon May 26, 2023 at 5:02 am
The Italian Industry Ministry's web portal and applications were hit by a "heavy cyberattack" on Friday and were out of order, it said. Technicians were working to "mitigate the consequences" of the ...
- Italy’s Industry Ministry Says Website Down After Cyberattackon May 26, 2023 at 3:58 am
The website of Italy’s industry ministry was under attack by hackers on Friday, with users unable to access it, according to a statement.
via Bing News