Computer attacks using laser light — ScienceDaily

Computer systems that are physically isolated from the outside world (air gap) can still be attacked. This is demonstrated by IT security experts from the Karlsruhe Institute of Technology (KIT) in the LaserShark project. They show that data can be transmitted to light-emitting diodes in ordinary desktop devices using a directed laser. Thanks to this, attackers can secretly communicate with isolated computer systems over distances of several meters. In addition to conventional information and communication technology security, critical IT systems must also be optically protected.

Hackers attack computers with lasers. It looks like a scene from the latest James Bond movie, but it’s actually possible in reality. In early December 2021, researchers from KIT, TU Braunschweig and TU Berlin presented the LaserShark attack at the 37th Annual Computer Security Applications Conference (ACSAC). This research project focuses on hidden communication via optical channels. Critical infrastructure computers or networks are often physically isolated to prevent external access. “Air-gapping” means that these systems have neither wired nor wireless connection to the outside world. Previous attempts to circumvent such protection via electromagnetic, acoustic or optical channels only work over short distances or at low data rates. In addition, they often only allow data exfiltration, i.e. receiving data.

Hidden optical channel uses LEDs in commercially available desktop devices

The Intelligent System Security Group of KASTEL – KIT Institute for Information Security and Reliability, in cooperation with researchers from TU Braunschweig and TU Berlin, has now demonstrated a new attack: With a directed laser beam, an adversary can introduce data in the air. jammed systems and recover data without additional hardware on the side of the attacked device. “This hidden optical communication uses light-emitting diodes already integrated in office devices, for example to display status messages on printers or telephones”, explains Professor Christian Wressnegger, head of KASTEL’s intelligent system security group. . Light-emitting diodes (LEDs) can receive light, although they are not designed to do so.

Data is transmitted in both directions

By directing laser light at already installed LEDs and recording their response, researchers establish a hidden communication channel over a distance of up to 25m that can be used bi-directionally (in either direction). It achieves data rates of 18.2 kilobits per second inward and 100 kilobits per second outward. This optical attack is possible in commercially available desktop devices used in companies, universities and authorities. “The LaserShark project demonstrates how important it is to optically protect critical IT systems in addition to conventional information and communication technology security measures,” says Christian Wressnegger.

Source of the story:

Material provided by Karlsruher Institute of Technology (KIT). Note: Content may be edited for style and length.

Comments are closed.