Drone steals data from ‘air-gapped’ computer using blinking hard drive light
“Air-gapped” computers, which are cut off from the internet in the interest of data sensitivity, have been shown to be vulnerable to data breaches from drones that read data from the pulsating light of their hard drive.
Researchers at the Ben-Gurion University of the Negev (BGU) demonstrated how data can be stolen from these machine’s hard drives by reading the pulses of light on the LED drive using various types of cameras and light sensors.
The team used a Quadcopter drone, equipped with a camera, to peer inside the window of the room where the computer was located and receive the data transmitted by the LED.
Air-gapped computers are isolated, separated both logically and physically from public networks, ostensibly so that they cannot be hacked over the Internet or within company networks. These computers typically contain an organisation’s most sensitive and confidential information.
Led by Dr. Mordechai Guri, head of R&D at the Cyber Security Research Center, the research team utilised the hard-disk drive (HDD) activity LED lights that are found on most desktop PCs and laptops.
The researchers found that once malware is on a computer, it can indirectly control the HDD LED, turning it on and off rapidly (thousands of flickers per second) – a rate that exceeds the human visual perception capabilities.
As a result, highly sensitive information can be encoded and leaked over the fast LED signals, which are received and recorded by remote cameras or light sensors.
“Our method compared to other LED exfiltration is unique, because it is also covert,” Guri says. “The hard drive LED flickers frequently, and therefore the user won’t be suspicious about changes in its activity.”
Guri and the Cyber Security Research Center have conducted a number of studies to demonstrate how malware can infiltrate air-gapped computers and transmit data. Previously, they determined that computer speakers and fans, FM waves and heat are all methods that can be used to obtain data.
Last year, a team showed how smartphones could steal designs created by 3D printers simply by being within close proximity during the printing process.