IT Security: Computer Attacks with Laser Light LaserShark: Researchers investigate hidden communication via optical channels - data can be transmitted to light-emitting diodes already built into devices
Joint press release of the Karlsruhe Institute of Technology and TU Braunschweig
Computer systems that are physically isolated from the outside world (air-gapped) can still be attacked. This is demonstrated by IT security experts of Technische Universität Braunschweig, the Karlsruhe Institute of Technology (KIT) and TU Berlin in the project LaserShark: A directed laser can be used to transmit data to light-emitting diodes already built into devices. With this, attackers can secretly communicate with air-gapped computer systems over distances of several meters. LaserShark shows that in addition to conventional information and communication technology security, critical IT systems need to be protected optically as well.
Hackers attack computers with lasers. This sounds like a scene from the latest James Bond movie, but it actually is possible in reality. Early December 2021, researchers of TU Braunschweig, KIT, and TU Berlin presented the LaserShark attack at the 37th Annual Computer Security Applications Conference (ACSAC). This research project focuses on hidden communication via optical channels. Computers or networks in critical infrastructures, such as those used by energy suppliers, in medical technology or in traffic control systems, are often physically isolated to prevent external access. “Air-gapping” means that these systems have neither wired nor wireless connections to the outside world. Previous attempts to bypass such protection via electromagnetic, acoustic, or optical channels merely work at short distances or low data rates. They often only allow for data exfiltration.
Hidden optical channel uses LEDs in commercially available office devices
The method demonstrated by a research group including Professor Thomas Schneider from the Institute of High Frequency Technology and Professor Konrad Rieck from the Institute of System Security at TU Braunschweig, on the other hand, can initiate dangerous attacks: With a directed laser beam, an adversary can introduce data into air-gapped systems and retrieve data without additional hardware on-site at the attacked device. “This hidden optical communication uses light-emitting diodes already build into office devices, for instance, to display status messages on printers or telephones,” explains assistant professor Christian Wressnegger, Head of the Intelligent System Security Group at KIT. Although these LEDs are not actually intended for receiving light, they can be used for this purpose. “It is always amazing how easily data can be infiltrated into an IT system unnoticed. I would not have expected that a laser could communicate with the device via the LED on my phone. But it can,” says Konrad Rieck from the Institute of System Security at TU Braunschweig.
Data transmission works in both directions
By directing laser light to already installed LEDs and recording their response, the researchers have for the first time established a hidden communication channel over a distance of up to 25 meters that can be used bidirectionally (in both directions). It reaches data rates of 18.2 kilobits per second inwards and 100 kilobits per second outwards. This optical attack is possible in commercially available office devices used at companies, universities, and authorities. “As we were able to show, the inward and outward transfer of data works over relatively large distances and also through windows, so that such an attack can be directed from an office or apartment on one side of the street to an object on the opposite side,” explains Thomas Schneider, head of the Terahertz Technology department at the Institute of High Frequency Technology at TU Braunschweig. Christian Wressnegger adds: “The LaserShark project demonstrates how important it is to additionally protect critical IT systems optically next to conventional information and communication technology security measures.”
To foster future research on the topic and further develop protection against covert optical communication, the researchers have published the program code used in their experiments as well as the raw data of their measurements and the scripts on the LaserShark project website.