Analysis and comment on all matters pertaining to the supply chain and distribution of electronics components from Richard Wilson, editor of Electronics Weekly.
Several messages were transmitted to trigger malware in computers using the technique, including from a laser 900m away and from a drone outside the building.
“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” said scientist Ben Nassi of Ben-Gurion University. “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”
In another demonstration, the researchers used a Galaxy 4 phone to hijack a smart lightbulb in the same room as the scanner via radio signals. They then manipulated the bulb to send light signals to the scanner to trigger the malware.
To mitigate this vulnerability, the researchers recommend that scanners be connected to networks through a proxy server, which will prevent an attacker from establishing a covert channel, at the expense of limiting remote printing and faxing on all-in-one devices.
“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT device,” said Nassi.
Professor Adi Shamir of the Department of Applied Mathematics at the Weizmann Institute conceived of the project to identify network vulnerabilities by establishing a clandestine channel in a computer network.
“When the United States Department of Energy (DoE) implemented its Level VI standard in February 2016, most OEMs were forced to update their designs to meet these requirements. Now with even stricter regulations proposed to become law in the European Union (EU) in 2018, companies that ship an external power adapter with their end product must yet again closely monitor the regulatory environment to ensure that they are in compliance,” said the firm.