A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
The researchers conducted several demonstrations in which they transmitted a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as from a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.
In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.
To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.
Learn more: Scanners Can Be Hijacked to Perpetrate Cyberattacks