New type of malware attacks isolated devices without internet connection

Digital forensics experts have reported the detection of new malware from Israel that is capable of hacking isolated computers. To do so, the attackers must seize control of the device's LED indicators and make them blink up to 6 thousand times per second, which sends a signal containing data to a camera attached to a drone near the target machine.





This attack method targets isolated devices, meaning devices that have no connection to the internet or to the company network, which makes attacking them difficult. These devices (also known as “air-gapped” devices) usually store highly important company information.

The digital forensics experts from the Cyber Security Investigation Center at Ben-Gurion University designed this method of control through the LED indicators to show that it is possible to hack an isolated device and steal its information. “These LED lights are always blinking, which means that any user would suspect that the device is being attacked”, said one of the researchers.

To demonstrate the attack, the investigators used a drone placed relatively near the device. Once the target was located, the attackers began to send data through an LED light to the HDD, which requires the use of malware.

Digital forensics specialists from the International Institute of Cyber Security (IICS) say that, using this method, data can be transferred at speeds of up to 4,000 bits/second, thanks to a specialized sensor placed on the drone. The camera records the blinking of the LED lights so that it can be deciphered afterwards.

Once the rate reaches 6000 blinks per second, the patterns of the LED lights are imperceptible to the eye, though a sufficiently sensitive light sensor could still register them. “It is probable that the targeted user doesn’t even notice that he is being attacked”, said the creators of this information theft method.

It is important to highlight that the attack requires the target device to have been infected beforehand with a variant of the malware, though this is not really a barrier for the attackers. System administrators might want to cover these LED lights with scotch tape to prevent an attack.






