Hacker attack by laser light – combination of laser, vulnerable LEDs and supply chain hack enables access – scinexx.de

Hacking computers with a laser beam – it sounds like a scene from James Bond, but it is actually feasible, as IT researchers have demonstrated. They were able to use lasers to transmit data to a computer’s light-emitting diodes and to read data back out. This form of attack is possible even with computers that are disconnected from the network. Safety-critical systems should therefore always be optically shielded, the researchers explain.

Security-critical computers or networks are typically isolated from the Internet or internal networks. With this so-called air gapping, the systems have neither wired nor wireless connections to the outside world. In principle, this is supposed to prevent network-based attacks. But the attack on the software supplier SolarWinds a year ago demonstrated that even high-security computers can be attacked if their software comes from external companies.

In the SolarWinds hack, hackers built a backdoor into software that was then supplied to tens of thousands of companies and several US authorities. If the affected computers are not completely isolated, sensitive data can be extracted or manipulated.

Data can also be extracted optically using lasers and LEDs. © KASTEL/KIT

Device LEDs as a point of attack

But even from systems protected by air gapping, hackers can extract data or send commands to them, as IT researchers working with Niclas Kühnapfel from TU Berlin are now demonstrating in the LaserShark project. They have determined how easily isolated devices that have already been prepared by means of a supply chain hack can be manipulated using optical signals. All that is required is a powerful laser and a target device whose light-emitting diodes are connected in a certain way.

“The hidden optical communication uses light-emitting diodes as they are already built into devices, for example to display status messages on printers or telephones,” explains co-author Christian Wressnegger from the Karlsruhe Institute of Technology. Although these LEDs are not actually intended to receive light, they react with changes in voltage when exposed to laser radiation. “If the LED works in general-purpose I/O mode, then these voltages can be registered by the firmware,” the researchers explain.

According to their tests, this applies to 48 percent of common devices, including LEDs on telephones, Wi-Fi routers and small computers. If the corresponding code has then been planted in the firmware via a supply chain hack, the entire system can in principle be remotely controlled via the optical laser pulses. “A normal update of the firmware is enough to smuggle in the code for sending and receiving data via the light-emitting diodes unnoticed,” said Kühnapfel and his colleagues.

Data theft from 25 meters away

The scientists have already tested how well such an optical attack works in practice. To do this, they aimed powerful lasers of the kind used for laser engraving at vulnerable devices such as telephones, Raspberry Pi computers and Wi-Fi routers from a distance of 25 meters. The previously injected code used a kind of Morse code to transmit the sensitive data back: the LED flashed briefly for a digital zero and longer for a one.
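As an added illustration (not code from the LaserShark researchers or from the original article), the following Python example shows how a defender sampling a status LED with a light sensor could flag the short/long flash pattern described above and recover the encoded bytes for incident triage. The sampling format, thresholds, MSB-first bit order and all sample traces are assumptions constructed for this example.

```python
from statistics import mean

def pulse_widths(samples):
    """Length, in samples, of every run of LED-on readings."""
    widths, run = [], 0
    for on in list(samples) + [0]:          # trailing 0 flushes the last run
        if on:
            run += 1
        elif run:
            widths.append(run)
            run = 0
    return widths

def split_short_long(widths):
    """Split pulse widths at the midpoint between shortest and longest."""
    cut = (min(widths) + max(widths)) / 2
    return [w for w in widths if w <= cut], [w for w in widths if w > cut], cut

def looks_like_data_channel(samples, min_pulses=16):
    """True if on-pulses form two tight, separated, well-populated width clusters."""
    widths = pulse_widths(samples)
    if len(widths) < min_pulses:
        return False
    short, long_, _ = split_short_long(widths)
    if min(len(short), len(long_)) < 0.2 * len(widths):
        return False                        # one width dominates: ordinary blinking
    tight = all(max(c) - min(c) <= 0.5 * mean(c) for c in (short, long_))
    return tight and mean(long_) >= 1.5 * mean(short)

def recover_bytes(samples):
    """Triage helper: short pulse = 0, long pulse = 1, MSB first (assumed framing)."""
    widths = pulse_widths(samples)
    if not widths:
        return b""
    _, _, cut = split_short_long(widths)
    bits = "".join("1" if w > cut else "0" for w in widths)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits) - 7, 8))

def constructed_trace(data, short=2, long_=6, gap=2):
    """Constructed sample input: two-width pulse trace for `data` (not a real capture)."""
    trace = []
    for byte in data:
        for i in range(7, -1, -1):
            trace += [1] * (long_ if byte >> i & 1 else short) + [0] * gap
    return trace

HEARTBEAT = ([1] * 5 + [0] * 5) * 20        # constructed: steady status blink
ACTIVITY = [v for w in list(range(1, 11)) * 2 for v in [1] * w + [0] * 3]  # constructed: irregular
COVERT = constructed_trace(b"OK")           # constructed: short/long pulse pattern
```

A steady heartbeat and an irregular activity LED are both rejected, while the two-width pattern is flagged; real deployments would need thresholds tuned to the sensor's sampling rate.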

This simple system was sufficient to establish a bidirectional data connection with at least 18.2 kilobits per second inbound and 100 kilobits per second outbound. “At these data rates, megabytes of data can be transferred within minutes, which poses a serious risk even to air gap systems,” say the researchers. The prerequisite, however, is that there is a clear line of sight to the vulnerable LEDs.

“Our LaserShark project shows how important it is to protect security-critical IT systems not only in terms of information and communication technology, but also optically,” says Wressnegger. (37th Annual Computer Security Applications Conference (ACSAC), doi: 10.1145/3485832.348591, Preprint-PDF)

Source: Karlsruhe Institute of Technology

