A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as from a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.
In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.
To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.