Even supposedly secure systems are vulnerable
Truly security-critical computers are often isolated from the Internet and from internal networks. If a computer is not connected to a network via cable or WLAN, it can only be hacked on site. In IT, this isolation is known as air gapping. Researchers at the TU Berlin have now shown that such systems are not 100 percent secure either. The method they used could be straight out of a James Bond movie.
Laser also attacks systems with an air gap
Last year it became clear that even high-security computers can be attacked if the software they use comes from external companies. As part of the SolarWinds hack, attackers built a back door into software that was delivered to tens of thousands of companies and also to US authorities, and through which sensitive data can then be accessed or manipulated.
It has now been shown that even systems protected by an air gap are susceptible to hacker attacks. As part of the LaserShark project, IT researchers working with Niclas Kühnapfel from the TU Berlin were able to show that so-called supply chain hacks can make it possible to hack high-security computers using a laser aimed at an LED on the computer. For this, the team needed only a powerful laser and a target device whose LEDs have a specific switching pattern.
Hacking like James Bond
"The hidden optical communication uses light-emitting diodes as they are already built into devices, for example to display status messages on printers or telephones," explains Christian Wressnegger from the Karlsruhe Institute of Technology (KIT), who is involved in the project. Conventional LEDs also react to radiation from a laser with voltage changes. These can be registered by the firmware if the LED is working in the so-called general-purpose I/O mode. This applies to about 48 percent of the common devices on the market. This includes LEDs on telephones, WLAN routers and small computers.
If a computer can be attacked using what is known as a supply chain hack, in which code is smuggled into the firmware, then this method can be used to remotely control the entire system.
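A defender can check which LEDs on a Linux device are driven through GPIO, the condition described above. The following is an added example, not code from the LaserShark researchers; it assumes the usual Linux sysfs layout, in which an LED's device/driver link names the bound driver (leds-gpio), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list LEDs that the Linux kernel drives through GPIO pins.
# Assumption: LED class devices appear under <root>/class/leds and each
# LED's "device/driver" symlink names the bound driver ("leds-gpio" for
# LEDs attached to general-purpose I/O pins).

# gpio_leds [SYSFS_ROOT]
# Prints one line per GPIO-driven LED: "<led-name> <driver>".
gpio_leds() {
    root="${1:-/sys}"
    for led in "$root"/class/leds/*; do
        [ -e "$led" ] || continue          # no LEDs present: glob unmatched
        drv_link="$led/device/driver"
        [ -L "$drv_link" ] || continue     # LED without a bound driver
        drv=$(basename "$(readlink "$drv_link")")
        case "$drv" in
            leds-gpio)
                printf '%s %s\n' "$(basename "$led")" "$drv" ;;
        esac
    done
}

# count_gpio_leds [SYSFS_ROOT]
# Prints the number of GPIO-driven LEDs found.
count_gpio_leds() {
    gpio_leds "$1" | wc -l | tr -d ' '
}

# Audit the running system when executed directly.
gpio_leds /sys
```

A listed LED is only a candidate for review: whether its pin can also be read as an input depends on the board and its firmware.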
Successful practical test
In a test, the researchers showed that such optical attacks also work in practice. They used lasers that are normally used for laser engraving and aimed the beam from 25 meters away at devices such as telephones, Raspberry Pi computers and Wi-Fi routers. The method works in both directions: using a kind of Morse code, data can also be sent back via the LEDs.
Using the laser, the researchers were able to establish a bidirectional data connection that, starting from the laser device, had a transmission rate of 18.2 kilobits for upload and 100 kilobits for download. Megabytes of data could be transferred within minutes. However, the method naturally requires a clear line of sight between the laser and the LED.