A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
The researchers conducted several demonstrations in which they transmitted a message to computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as from a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.
In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.
To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.