The Cyber Security Research Center at Ben-Gurion University may not be an every day name in security. But every few years, the come up in the news for finding another theoretical way to defeat air gapped security. They’ve found ways to exfiltrate data by using the sound of a computer fan, and the whirring buzz of a mechanical hard drive. These all require some pretty serious infiltration on the machine already, but conceptually they’re all fascinating.
This time, the researchers targeted a router for their Mission Impossible-style hack. On an infected router, they were able to use the LED activity lights to transmit binary data. This in turn could be picked up by an optical sensor or camera, and then read, without ever having direct access.
The most impressive part is that the rate of transmission is relatively fast, at least compared to their acoustic exfiltrations of the past. Each light is able to send at about 1 kilobit per second. In their video example with eight lights, they could send data at 8000 baud.
As I said before, the Cyber Security Research Center is all about concepts, not practicality. While this demo is really interesting and creative, it seems like if you’re able to get malicious firmware on a router, you have a wide variety of exploits to gain access to data much more effectively.
I’ll be looking forward to seeing what their next vaguely terrifying but essentially impractical exploit is down the line.
- Of Chips and Acquisitions | Gestalt IT Rundown: August 21, 2019 - August 21, 2019
- Kubernetes Is Evolving Into an Enterprise-Friendly Platform, but Challenges Remain - August 16, 2019
- Going Independent - August 15, 2019
- AMD Wasn’t Built In A Day | Gestalt IT Rundown: August 14, 2019 - August 14, 2019
- SaaS Backup Isn’t My Problem – The On-Premise IT Roundtable - August 13, 2019
- Jira and the Definition of All | Gestalt IT Rundown: August 7, 2019 - August 7, 2019
- What’s In Your Bucket | Gestalt IT Rundown: July 31, 2019 - July 31, 2019
- VPNemy at the Gates | Gestalt IT Rundown: July 24, 2019 - July 24, 2019
- Germany Drops the Hesse on Microsoft | Gestalt IT Rundown: July 17, 2019 - July 17, 2019
- FUD: Fear, UK, and DNS | Gestalt IT Rundown: July 10, 2019 - July 10, 2019