Feb. 22 (UPI) -- As experiments showed, a computer's LED light could be used to smuggle out data from the hard drive to a remote receiver with cameras or light sensors, like a drone.
Just because a computer isn't connected to a wireless network, doesn't mean it's immune to invasion. As researchers at the Ben-Gurion University of the Negev proved, if a computer can be directly infected with malware via USB or SD card, the computer's LED light can be hijacked for espionage purposes.
"If an attacker has a foothold in your air-gapped system, the malware still can send the data out to the attacker," Mordechai Guri, head of research and development at BGU's Cyber Security Research Center, explained in a news release. "We found that the small hard drive indicator LED can be controlled at up to 6,000 blinks per second. We can transmit data in a very fast way at a very long distance."
In their proof-of-concept tests, BGU researchers successfully transcribed and transmitted a computer's hard drive data using the flash of the LED light and Morse code-like sequences. The method moved data at speeds upwards of 4,000 bits per second.
"The LED is always blinking as it is searching and indexing, so no one suspects anything, even in the night," Guri said. "It's possible for the attacker to cause such fast blinking that a human never sees it."
Guri and his colleagues advise that air-gapped computers be placed in rooms away from windows. BGU researchers have previously demonstrated other ways to smuggle data from an air-gapped computer by manipulating the machine's fan, hard drive noise and heat output.