Your one-stop web resource providing safety and security information to manufacturers

Using different light sources, a typical office scanner can end up infiltrated and a company’s network compromised, researchers said.

“We demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” said Ben Nassi, a graduate student in the Ben-Gurion University (BGU) Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC) and lead author of a paper entitled, “Oops! I Think I Scanned Malware.”

Speeding Up Testing of Networking Protocols
Game Theory to Predict Voting Cyberattacks
Aging Faces Heighten Security Risks
IBM Uses AI to Solve Cyber Issues

“A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network,” Nassi said.

The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner. Click here to watch a video of the drone attack.

Schneider Bold

In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds. Click here to watch a video of the light bulb attack.

To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel.

“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi said.

Pin It on Pinterest

Share This