It’s a widely accepted belief that if a computer is air-gapped, meaning it’s completely disconnected from the Internet, it’s supposed to be immune from hackers and security breaches. But after the hacking demonstration done by a team of researchers from the Ben-Gurion University (BGU) of the Negev, that notion is now being challenged.
As the researchers were able to prove, by inflicting an air-gapped computer with malware via an SD card or a USB drive, they can control the PC’s LED light, making it flash on and off to emit Morse code-like binary signals. As explained by Dr. Mordechai Guri, head of research and development at BGU’s Cyber Security Research Center, through this flickering which is controllable at up to 6,000 blinks per second, data can be sent out at the rate of 4,000 bits per second or nearly 1 megabyte per half hour. That might not be noticeable at all, but it’s enough to leak out encryption keys, files and passwords.
“The LED is always blinking as it is searching and indexing, so no one suspects anything, even in the night. It’s possible for the attacker to cause such fast blinking that a human never sees it,” Dr. Guri said in a statement they issued.
To read the signals coming from the LED light, all it that’s required is an optical sensor or a camera that has a line of sight on the infected machine. With what the researchers used — a drone they built for that purpose — they were able to read the signal from 20 meters away. And if they used an optical zoom lens, the signal can probably be read from much farther away.
The Ben-Gurion University research team demonstrated the hack in a YouTube video (posted below) which shows a hacked computer transmitting data via the CPU’s rapidly blinking LED light, while a flying drone hovering nearby filmed the flashing light and recorded the patterns.
It’s much more complicated than it really sounds, though. Because to start off the hijacking process, a computer will have to be attacked from the inside first. But once that’s been accomplished, and the computer’s LED can be seen from the outside, stealing of sensitive information will become possible.
To protect air-gapped computers from this kind of hacking scheme, the recommendation is to keep such PCs in rooms or spots away from windows, place film over a building’s glass to cloak light flashes, or maybe put curtains over windows. The simplest solution of all? Just cover the LED light with something like a piece of tape. Really.
Apart from hacking a computer through its LED light, BGU researchers were previously able to compromise the security of an air-gapped computer through its fan, the noise from its hard drive and its heat output. And who knows which part of the computer they’ll be able to hack into next.