A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.
In another demonstration, the researchers used a Galaxy 4 smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.
To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.