A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
The researchers conducted several demonstrations in which they transmitted a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as from a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.
In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.
To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.