When an organization needs to make sure that a computer is as secure as possible, they will often “air-gap” it. An air-gapped computer isn’t connected to the Internet. It’s not even networked to other computers that are connected to the Internet.
While air-gapping significantly increases the degree of difficulty for cyberattacks, it doesn’t make a system impenetrable. Numerous clever ways have been devised to steal data from isolated systems like these. Researchers have done it by listening to the sound produced by a computer’s cooling fan, by watching it for temperature changes, and by broadcasting inaudible sound through a system’s integrated speakers.
Now researchers at Ben-Gurion University in Israel have been able to do it just by watching a computer’s hard drive LED blink. What makes their demonstration particularly jaw-dropping, however, is that they watched for those blinks from the parking lot outside the office building where the infected computer was located.
[Image: a picture showing how subtle the method is. The tiny white speck is the LED their drone is watching.]
How much data can you transmit using what’s essentially Morse code? Somewhere in the neighborhood of 4,000 bits per second, which the research team says is 10 times faster than any previously demonstrated technique that uses a camera to siphon data from an air-gapped computer.
No special equipment is required, either. Just about every computer ever made has a hard drive LED, and any camera — whether it’s embedded in a smartphone, attached to a drone, or sitting on a tripod on the roof of a building across the street — can be used to capture data.
As with other air-gap attacks, one of the biggest hurdles to overcome is getting malware onto the target computer. How do you install malware on a system that has no Internet connection? USB sticks and SD cards are the most common method, though both require a willing accomplice. That’s not necessarily hard to find… if the job pays well enough.