Researchers have discovered a method to steal data from a computer disconnected from the network, using the computer activity light.
Everyone knows that a computer connected to the Internet has the potential to be hacked; it doesn't matter what system you use or what anti-malware programs you have installed.
So when a company, government or organization has to ensure the security of their data, the first step is to disconnect the server from the Internet. Not only that, but the system should also not belong to an internal network in which any of the computers is connected to the Internet.
Air Gap, when a computer is isolated for security
No precaution is too much when dealing with potentially compromised data, or with computers that perform critical and dangerous functions.
This is what is known as an air gap: an extreme security measure under which access to the computer is tightly controlled. Normally it can only be accessed in person or through a network isolated from the rest.
Therefore, an attacker who wants to obtain the data would only have the option of infiltrating the building. However, over time it has been discovered that an air gap is not as safe as it seemed, and that it is indeed possible to get data without going in person.
USB sticks carrying malware are one method, but the latest development from Ben-Gurion University in Israel shows that one can go further.
How have they managed to steal data from a disconnected computer?
Researchers have shown that it is possible to steal data from a computer disconnected from the network by capturing its activity lights; yes, I am talking about the lights present on the cases of almost all computers. Specifically, the light they have been able to exploit is the hard drive read indicator, the one labelled HDD on your case.
Normally, that light comes on when the system is reading from or writing to the hard drive (or SSD). However, the researchers found that if they managed to install their malware on the computer (via an infected USB stick, for example), they could control that light to send messages, as if it were Morse code.
Sending data through light pulses sounds very slow, and in fact it is, so they tried to maximize the amount of data they could send every second. They found that if the malware reads less than 4 KB of data from the hard drive, the computer's HDD indicator lights up for only one-fifth of a millisecond.
In this way, they managed to get the infected computer to transmit the data it had stored by turning the light on and off. The transfer rate they achieved was 4,000 bits per second, about 0.5 KB/s. Therefore, just to get one megabyte it would be necessary to observe this light for half an hour.
Drones that capture your data without connecting to your network
It seems like a ridiculous transfer rate, but keep in mind that it is practically undetectable: everyone is already used to seeing the hard drive light blink while working. Even if we are not doing anything, the operating system may be performing tasks in the background and turning on the light. This gives an attacker enough time to obtain all the data that interests him.
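If the malware behaves as described (reads under 4 KB, keyed on and off at 4,000 bits per second, i.e. one 250-microsecond slot per bit), its reads would sit on a fixed time grid, unlike ordinary background I/O. The following Python code is an added example from a defender's point of view, not code from the researchers; the trace format (timestamp, pid, bytes read), the thresholds and the sample data are assumptions constructed for illustration.

```python
import random
from collections import defaultdict

SMALL_READ = 4096   # article: reads under 4 KB give the shortest LED pulse
MIN_RATE = 500      # small reads per second worth inspecting (assumed threshold)
TOLERANCE = 0.15    # allowed distance from a whole number of slots (assumed)
MIN_ALIGNED = 0.9   # share of gaps that must sit on the slot grid (assumed)

def slot_alignment(times):
    """Fraction of inter-read gaps that are whole multiples of the shortest common gap."""
    gaps = sorted(b - a for a, b in zip(times, times[1:]))
    if len(gaps) < 20:
        return 0.0
    p10 = gaps[len(gaps) // 10]
    cluster = [g for g in gaps if g <= 1.5 * p10]   # gaps of about one slot
    slot = sum(cluster) / len(cluster)
    if slot <= 0:
        return 0.0
    ratios = [g / slot for g in gaps]
    hits = sum(1 for r in ratios if round(r) >= 1 and abs(r - round(r)) <= TOLERANCE)
    return hits / len(gaps)

def suspicious_pids(events):
    """events: iterable of (timestamp_s, pid, bytes_read). Returns the flagged pids."""
    by_pid = defaultdict(list)
    for ts, pid, size in events:
        if size < SMALL_READ:
            by_pid[pid].append(ts)
    flagged = []
    for pid, times in by_pid.items():
        times.sort()
        span = times[-1] - times[0]
        if span > 0 and len(times) / span >= MIN_RATE and slot_alignment(times) >= MIN_ALIGNED:
            flagged.append(pid)
    return sorted(flagged)

def constructed_trace(seed=1):
    """Constructed sample: pid 100 keys small reads to 250 us slots, pid 200 reads at random."""
    rng = random.Random(seed)
    bits = "".join(f"{b:08b}" for b in b"constructed sample payload " * 8)
    events = [(i * 0.00025 + rng.uniform(-5e-6, 5e-6), 100, 512)
              for i, bit in enumerate(bits) if bit == "1"]
    t = 0.0
    for _ in range(1500):
        t += rng.expovariate(1000)      # busy but unscheduled small reads
        events.append((t, 200, 2048))
    events += [(0.01 * k, 300, 65536) for k in range(50)]   # large reads, ignored
    return events

if __name__ == "__main__":
    print(suspicious_pids(constructed_trace()))
```

Process 200 in the constructed trace issues small reads at a similar rate, so the rate check alone would flag it as well; only the slot-alignment test separates the two.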
In fact, the greatest difficulty of the method is capturing those light messages. The camera of a normal smartphone works at 60 frames per second, so it would only be able to capture 60 bits per second. But using professional (and more expensive) sensors, they managed to capture all 4,000 bits per second.
In a demonstration of their method, the researchers mounted this camera on a drone and flew it up to the window of the floor where the infected computer was.
This is just the latest example of the level that data theft is reaching. Even something as innocent as an indicator light can be used by an attacker.