The malware that uses the LED of the hard-disk to steal data from computers
It takes a camera and an infected computer to transfer any type of file to an external computer. This way, you can steal sensitive information even if the computer is not physically connected to a network.
We often tend to think that it is enough to disconnect the computer from any network to make it invulnerable. Unfortunately not and to prove there is a new experiment conducted by Israeli university through which it has been shown that a malicious ad-hoc developed can use the LED indicating the periods of disk activity to send sensitive data from an infected computer to a camera that is located nearby. This hack the 007 is not from a movie set, but as an exploitable software for real attacks.
The malware, which do not even require the administrator’s credentials to run on a computer, aims to flash the LED above with rapid intervals. The attacker performer can orient the lens of a nearby camera transmitting the recording to a computer, which has the task of transforming the luminous message in binary code. As? Simple: the lit LED indicates the value 1, the power is turned off 0. In this way, it is possible to transfer sensitive information from the infected computer to another any system.
This can be pulled out any type of file, but it is obvious that the method is usable especially for information of an extremely small size. As enough to obtain encryption keys collected by applications installed on the system or extremely sensitive data to gain access to services present on the computer. For the etching can also be used the simple camera of a smartphone or, even better for the purpose of maximum invisibility, cameras integrated on commercial drones.
Even a surveillance camera can be fit for purpose, opening the door to different uses for the malware. In tests, the research team has found that the best tools for the detection of ” messages ” from the hard-disk LEDs are photodiodes, which can collect information up to a maximum of 4,000 bits per second. The commercial sensors are much less effective: a GoPro Hero 5 stops at 120 bits per second, while webcam, entry-level SLR, security cameras hovering around the ten bits per second.
The attack is essentially invisible: ” As the LED which signals disk activity sometimes flashes even if no operations are performed on the computer, the activities caused by malware do not seem suspicious, ” they noted the researchers. Furthermore, when transmitting data, the LED flashes so quickly that the human eye believes it is permanently switched on. The attack by Israeli researchers showed (in video), carried out by a drone. It appears to be from a movie and shows how an attack can be completed in seconds.
There are doubts on the actual feasibility of an attack of this type, since it requires that a computer has already been infected by malware, and at that point, there are many other systems more effective and less laborious to transfer the data present in it.
The attack can be rather useful systems for so-called ” air-gapped “, or systems with very sensitive data (eg military) highly guarded and hidden (and often in rooms without windows). Also in this case the attack would be practically infeasible or at least too complex. A research study can be found at this address.