Scientists have found a way to steal data by reading the pulses of light from the LEDs of hard disk drives and cameras.
A ream of researchers at Ben-Gurion University of the Negev (BGU) in Israel demonstrated how it is possible to use a Quadcopter drone and steal data by reading the pulses of HDD LEDs of “air-gapped” computer without being anywhere near the victim computer.
Air-gapped computers are isolated – separated both logically and physically from public networks – ostensibly so that they cannot be hacked over the Internet or within company networks. These computers typically contain an organisation’s most sensitive and confidential information.
Led by Mordechai Guri, the research team utilised the hard-drive (HDD) activity LED lights that are found on most desktop PCs and laptops.
The researchers found that once malware is on a computer, it can indirectly control the HDD LED, turning it on and off rapidly (thousands of flickers per second) – a rate that exceeds the human visual perception capabilities.
As a result, highly sensitive information can be encoded and leaked over the fast LED signals, which are received and recorded by remote cameras or light sensors.
“Our method compared to other LED exfiltration is unique, because it is also covert. The hard drive LED flickers frequently, and therefore the user won’t be suspicious about changes in its activity,” Guri added.