1. Forum
  2. FidoNet
  3. EARTH

  • IT security: Computer attacks with laser

    From ScienceDaily@1:317/3 to All on Tue Dec 21 21:30:36 2021
    IT security: Computer attacks with laser light

    Date:
    December 21, 2021
    Source:
    Karlsruher Institut fu"r Technologie (KIT)
    Summary:
    Computer systems that are physically isolated from the outside
    world (air-gapped) can still be attacked. This is demonstrated
    by IT security experts. They show that data can be transmitted to
    light-emitting diodes of regular office devices using a directed
    laser. With this, attackers can secretly communicate with air-gapped
    computer systems over distances of several meters. In addition to
    conventional information and communication technology security,
    critical IT systems need to be protected optically as well.



    FULL STORY ========================================================================== Computer systems that are physically isolated from the outside world
    (air- gapped) can still be attacked. This is demonstrated by IT security experts of the Karlsruhe Institute of Technology (KIT) in the LaserShark project. They show that data can be transmitted to light-emitting diodes
    of regular office devices using a directed laser. With this, attackers can secretly communicate with air-gapped computer systems over distances of
    several meters. In addition to conventional information and communication technology security, critical IT systems need to be protected optically
    as well.


    ========================================================================== Hackers attack computers with lasers. This sounds like a scene from the
    latest James Bond movie, but it actually is possible in reality. Early
    December 2021, researchers of KIT, TU Braunschweig, and TU Berlin
    presented the LaserShark attack at the 37th Annual Computer Security Applications Conference (ACSAC).

    This research project focuses on hidden communication via optical
    channels.

    Computers or networks in critical infrastructures are often physically
    isolated to prevent external access. "Air-gapping" means that these
    systems have neither wired nor wireless connections to the outside
    world. Previous attempts to bypass such protection via electromagnetic, acoustic, or optical channels merely work at short distances or low
    data rates. Moreover, they frequently allow for data exfiltration only,
    that is, receiving data.

    Hidden Optical Channel Uses LEDs in Commercially Available Office
    Devices The Intelligent System Security Group of KASTEL -- Institute
    of Information Security and Dependability of KIT, in cooperation with researchers from TU Braunschweig and TU Berlin, have now demonstrated a
    new attack: With a directed laser beam, an adversary can introduce data
    into air-gapped systems and retrieve data without additional hardware
    on-side at the attacked device. "This hidden optical communication uses light-emitting diodes already build into office devices, for instance,
    to display status messages on printers or telephones," explains Professor Christian Wressnegger, Head of the Intelligent System Security Group of
    KASTEL. Light-emitting diodes (LEDs) can receiving light, although they
    are not designed to do so.

    Data Are Transmitted in Both Directions By directing laser light to
    already installed LEDs and recording their response, the researchers
    establish a hidden communication channel over a distance of up to 25 m
    that can be used bidirectionally (in both directions).

    It reaches data rates of 18.2 kilobits per second inwards and 100
    kilobits per second outwards. This optical attack is possible in
    commercially available office devices used at companies, universities,
    and authorities. "The LaserShark project demonstrates how important
    it is to additionally protect critical IT systems optically next to conventional information and communication technology security measures," Christian Wressnegger says.

    ========================================================================== Story Source: Materials provided by
    Karlsruher_Institut_fu"r_Technologie_(KIT). Note: Content may be edited
    for style and length.


    ========================================================================== Journal Reference:
    1. Niclas Ku"hnapfel, Stefan Preussler, Maximilian Noppel, Thomas
    Schneider,
    Konrad Rieck, and Christian Wressnegger. LaserShark:
    Establishing Fast, Bidirectional Communication into Air-Gapped
    Systems. Proceedings of the 37th Annual Computer Security
    Applications Conference (ACSAC), 2021 DOI: 10.1145/3485832.348591 ==========================================================================

    Link to news story: https://www.sciencedaily.com/releases/2021/12/211221102721.htm

    --- up 2 weeks, 3 days, 7 hours, 13 minutes
    * Origin: -=> Castle Rock BBS <=- Now Husky HPT Powered! (1:317/3)