You know the LED light of your hard drive disk. Surely you've seen it… Do you think computers that are not connected to a network are safe? Stuxnet proved for the first time that they can be hacked from the "air." But other than that, does it seem completely safe to insert a USB drive into a computer that is not connected to the internet?
Security researchers from Israel's Ben Gurion University have shown that if an attacker manages to infect a computer, he could steal data remotely using a camera that can read the HDD LED.
The computer LEDs blink when the unit is in the read / write stage, but data transmission can also be performed visually.
As Wired reports, the malware the researchers devised can cause an HDD LED to blink 6.000 times per second. If these lights are visible from a window, a drone or a telescope lens camera can pick up the signals from some distance.
Researchers explain in a publication that data can leak from HDD LEDs at 4kbps. Yes, the speed is incredibly slow to current standards, but it's enough to steal all encryption keys.
The "good" with this one attack is that the HDD LEDs are flashing anyway, so no one can tell if the infected system is transmitting data.
Please note that with other malware, researchers have been able to intercept data from unplugged computers from computer speakers, FM waves, and heat.
The encoding system used to transfer data from HDD LEDs is called on-off typing, which is one of the methods of communication through visible light.
The researchers used a Nikon DSLR, a high-end security camera, a GoPro Hero5, a Microsoft LifeCam, a Samsung Galaxy S6, Google Glass, and a sensor Siemens Photodiode.
The Siemens sensor was the fastest in data transfer (4kbps), while Galaxy S6 and GoPro Hero5 had bandwidth of 60 bits per second and 120 bits per second, respectively.
Fortunately, there are cheap methods to deal with this attack. Covering the LED or disconnecting it, or removing the computer from windows.
Watch the video