Drone steals data from a PC's blinking LED

Think you're safe from hackers offline? This drone steals data from a PC's blinking LED

Security researchers from Israel's Ben Gurion University have just demonstrated that if an attacker did manage to infect an air-gapped computer, they could steal data semi-remotely at their leisure by using a camera to capture signals from the LED lights of its hard-disk drive (HDD).

As Wired reports, the malware that the researchers devised can force an HDD LED to blink 6,000 times per second. If those lights are visible from a window, a camera-equipped drone or telescopic lens can capture the signals at a distance.
...
The researchers explain in a new paper that data can be leaked from HDD LEDs at a rate of 4kbps. That speed is incredibly slow by today's USB standards, but it's more than enough to steal encryption keys or text and binary files. According to the researchers, it's an impressive 10 times faster than previous optical covert channels for leaking data from air-gapped computers.
..
That speed is incredibly slow by today's USB standards, but it's more than enough to steal encryption keys or text and binary files

More details at Link

The research paper

Defeating an air gapped computer using the led for the hard disk. I suppose it was only a matter of time.

Make me wonder it if has been used before this proof of concept was released.

edit:

I think the mention of drone is that it's camera could also be used, just like many other camera platforms.

a reply to: roadgravel

It started with taping over the webcam on laptops

Eventually our entire pcs/laptops will be covered in tape lol

a reply to: roadgravel

All it takes is a 1/2" piece of electrical tape to solve this one.

a reply to: Discotech

Leave holes for the fan and soon it's noise will be used.

Time for a on/off switch for the HDD.

Or record heat pulses coming from the HDD with an IR camera.

a reply to: roadgravel

Does a solid state drive make noise?

a reply to: roadgravel


It could be defeated by closing the blinds.

Or you could throw a brick through said window and steal the whole computer.

Perhaps we could read the data from a hard drive from the wisps of smoke that rise after 'the researchers' bomb the premises to pieces?

I wouldn't think this would be a widely used tactic. Sounds more like something from a spy movie. I would imagine at some point some computer will be compromised using this technique. People are still falling prey to phishing, even government officials.

originally posted by: seasonal
a reply to: roadgravel

Does a solid state drive make noise?

In theory no, as far I as know. Some have reported noise but it seems to be due to circuit component(s). I don't know if it could be used aa a side channel attack for the data being written.

And my girlfriend said I was a fool for buying all those BB guns and the air rifle.

The key to this working, is somehow getting the software onto the hard-drive of an air gapped computer. Someone who uses an air gapped computer is either just a paranoid and who cares what is on it, or is some government agency where you would have to get the software in there Mission: Impossible style.

a reply to: CalibratedZeus

True, especially after stuxnet and Iran. System updates or the need to possibly bring in new data might be a path. There is the tried and true method of using a compromised person who has access.

There is no way you can retrieve data from the led of a hdd.

come on.... it's not an indication of data, it's an indication of activity. an led would need to blink a hell of a lot to replicate the actual data written or read.

but I can tell what you're doing by blinking... I know it. stop staring at me... Oo

originally posted by: CalibratedZeus
The key to this working, is somehow getting the software onto the hard-drive of an air gapped computer. Someone who uses an air gapped computer is either just a paranoid and who cares what is on it, or is some government agency where you would have to get the software in there Mission: Impossible style.

Key words. get access to.

then you have a trillion other ways of sneaking data off, the least efficient would be a blinking led. next to using the pc speaker at ultra high frequency to emit inaudible sounds that your secret snooper microphone hidden in the giraffe statue you have on the mantle piece would detect.

Leds... so old...

a reply to: savemebarry

The idea is controlling the disk access to use the led as a signalling device.

a reply to: roadgravel

Amazing how much effort and time we put into discovering ways of stealing stuff.

Pretty impressive though.

I'm no techie, but it seems to me that if they could control the computer enough to make its lights blink out morse code, or binary, or whatever, to tell someone information on the computer, then they should be able to just have the computer communicate with the controller in a more reasonable fashion, say by operating it's wifi or bluetooth. No?

originally posted by: roadgravel
a reply to: savemebarry

The idea is controlling the disk access to use the led as a signalling device.

It doesnt have that capacity.

unless you specifically build a device and already had physical access to the data - rendering the entire thing moot - you just wont get an led to do that.

not by software.