SPYING THROUGH OFFICE WINDOWS

With talented hackers able to break into just about any device that’s connected to the internet the best way to keep sensitive data safe is to cut the cord completely. Keeping an “air gap” between a hard drive and other devices forces any would-be thief to physically go to the machine … or so you might think. Cyber security researchers have shown that hackers could hijack the innocent flashing LED on the outside of a computer, and use it to beam a steady stream of data to a waiting drone. .

Now, a team at the Ben-Gurion University Cyber Security Research Center has demonstrated a new way that creative crooks could crack that isolated data. A piece of malware infecting an air-gapped computer could harness the hard drive’s LED, making it flash in a very controlled and very fast manner. Flickering thousands of times a second, the virus could blink out a binary code of the desired data, at a rate that a human sitting at that computer wouldn’t even notice. Special cameras or light sensors – say from a drone hovering at the window, with a line of sight to the LED – could then receive and record that information.

OPTIONS FOR MITIGATION:

  1. Visual surveillance through a window is easy using high-powered optics. Keep computers screens positioned so they can’t be viewed from outside the building.
  2.  A “clear desk policy” is always wise when dealing with sensitive information. This policy should be extended to removing sensitive documents from a desk when they are not needed, particularly if there is a window associated with the space.