At first thought, it might seem impossible to pull data from a computer that’s not connected to the Internet. How can a system be hacked without a direct connection? Well as it turns out, a paper recently published by a team of cyber security researchers discusses a method of hacking information from a computer insulated from the Internet. Hacking an air-gapped computer has been done before; back in 2016 a team from Ben Gurion University in Israel showed how USB devices could be turned into RF transmitters that essentially removed the air-gap from insulated computers.
LED-it-GO: Leaking Data from Air-Gapped Computers via the Hard Drive LED
A summary of the abstract to the paper reads as follows:
In this paper we present a method which allows attackers to covertly leak data from isolated, air-gapped computers. Our method utilizes the hard disk drive (HDD) activity LED which exists in most of today’s desktop PCs, laptops and servers. We show that a malware can indirectly control the HDD LED, turning it on and off rapidly (up to 5800 blinks per second) – a rate that exceeds the visual perception capabilities of humans. Sensitive information can be encoded and leaked over the LED signals, which can then be received remotely by different kinds of cameras and light sensors.
Essentially, the Israeli team is installing malware on an air-gapped computer. The malware reads data from the system and then ‘plays it back’ as a series of flashes from the hard drive LED. It’s the high-speed equivalent of flashing an S.O.S. with a flashlight.
The flashes can be recorded by a camera and then the video run through a separate computer program to ‘decode’ the sequence and recreate the data. Depending on the quality of the camera, the LED could flash as fast as 5800 blinks per second – faster than the human eye can even detect.
Although the transmission speed is relatively low, the ability to operate covertly could mean that many hours or days could pass with the malware undetected while data is continuously leaked. At a maximum rate of 4000 bit/s, a 1000-word text document could be transferred in just a few minutes.
Read the rest of the article below:
Sharif Jameel is a business owner, IT professional, runner, & musician. His professional certifications include CASP, Sec+, Net+, MCSA, & ITIL and others. He’s also the guitar player for the Baltimore-based cover band, Liquifaction.