{"id":6751,"date":"2017-02-23T04:30:57","date_gmt":"2017-02-23T12:30:57","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/02\/23\/news-542\/"},"modified":"2017-02-23T04:30:57","modified_gmt":"2017-02-23T12:30:57","slug":"news-542","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/02\/23\/news-542\/","title":{"rendered":"A hard drive&#039;s LED light can be used to covertly leak data"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2017\/02\/img_20160625_202609-100710076-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Thu, 23 Feb 2017 03:40:00 -0800<\/strong><\/p>\n<p> The seemingly harmless blinking lights on servers and desktop PCs may give away secrets if a hacker can hijack them with malware. <\/p>\n<p> Researchers in Israel have come up with an innovative hack that turns a computer&#8217;s LED light into a signaling system that shows passwords and other sensitive data. <\/p>\n<p> The researchers at Ben-Gurion University of the Negev demonstrated the hack in a <a href=\"https:\/\/www.youtube.com\/watch?v=4vIu8ld68fc\">YouTube video<\/a> posted Wednesday. It shows a hacked computer broadcasting the data through a computer\u2019s LED light, with a drone flying nearby reading the pattern. <\/p>\n<p><iframe loading=\"lazy\"  src=\"https:\/\/www.youtube.com\/embed\/4vIu8ld68fc\" width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/p>\n<p> The researchers designed the scheme to underscore vulnerabilities of air-gapped systems, or computers that have been intentionally disconnected from the internet. <\/p>\n<p> Air-gapped systems generally carry highly confidential information or operate critical infrastructure. But the researchers have been coming up with sneaky ways to extract data from these computers, like using the noise from the <a href=\"http:\/\/www.computerworld.com\/article\/3106862\/security\/sounds-from-your-hard-disk-drive-can-be-used-to-steal-a-pcs-data.html\">PC\u2019s fan<\/a> or hard drive to secretly broadcast the information to a nearby smartphone. <\/p>\n<p> Their latest hack leverages the LED activity light for the hard disk drive, which can be found on many servers and desktop PCs and is used to indicate when memory is read or written. <\/p>\n<p> The researchers found that with malware, they could control the LED light to emit binary signals by flashing on and off. That flickering could send out a maximum of 4,000 bits per second, or enough to leak out passwords, encryption keys and files, according to their <a href=\"http:\/\/cyber.bgu.ac.il\/advanced-cyber\/system\/files\/LED-it-GO_0.pdf\">paper<\/a>. It&#8217;s likely no one would notice anything wrong. <\/p>\n<p> &#8220;The hard drive LED flickers frequently, and therefore the user won&#8217;t be suspicious about changes in its activity,\u201d said Mordechai Guri, who led the research, in a statement. <\/p>\n<p> To read the signals from the LED light, all that\u2019s needed is a camera or an optical sensor to record the patterns. The researchers found they could read the signal from 20 meters away from outside a building. With an optical zoom lens, that range could be even longer. <\/p>\n<p> It wouldn\u2019t be easy for hackers to pull off this trick. They\u2019d have to design malware to control the LED light and then somehow place it on an air-gapped system, which typically is heavily protected. <\/p>\n<p> They\u2019d also need to find a way to read the signals from the LED light. To do so, a bad actor might hijack a security camera inside the building or fly a drone to spy through a window at night. \u00a0 <\/p>\n<p> However, the danger of an LED light being hijacked can be easy to solve. The researchers recommend placing a piece of tape over the light, or disconnecting it from the computer. <\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3173346\/security\/a-hard-drives-led-light-can-be-used-to-covertly-leak-data.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2017\/02\/img_20160625_202609-100710076-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Thu, 23 Feb 2017 03:40:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p> The seemingly harmless blinking lights on servers and desktop PCs may give away secrets if a hacker can hijack them with malware.<\/p>\n<p> Researchers in Israel have come up with an innovative hack that turns a computer&#8217;s LED light into a signaling system that shows passwords and other sensitive data.<\/p>\n<p> The researchers at Ben-Gurion University of the Negev demonstrated the hack in a <a href=\"https:\/\/www.youtube.com\/watch?v=4vIu8ld68fc\">YouTube video<\/a> posted Wednesday. It shows a hacked computer broadcasting the data through a computer\u2019s LED light, with a drone flying nearby reading the pattern.<\/p>\n<figure class=\"large\">\n<div class=\"embed-wrapper\">\n<div class=\"embed-container embed-youtube\"><iframe loading=\"lazy\"  src=\"https:\/\/www.youtube.com\/embed\/4vIu8ld68fc\" width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/div>\n<\/p><\/div>\n<\/figure>\n<p> The researchers designed the scheme to underscore vulnerabilities of air-gapped systems, or computers that have been intentionally disconnected from the internet.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3173346\/security\/a-hard-drives-led-light-can-be-used-to-covertly-leak-data.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11072,714],"class_list":["post-6751","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-cybercrime-hacking","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6751"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6751\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}