Friday, February 24, 2017

Optical Spying Through Office Windows

With talented hackers able to break into just about any device that's connected to the internet, from a computer to a car, the best way to keep sensitive data safe is to cut the cord completely.

Keeping an "air gap" between a hard drive and other devices forces any would-be thief to physically go to the machine ... or so you might think. Cyber security researchers have shown that hackers could hijack the innocent flashing LED on the outside of a computer, and use it to beam a steady stream of data to a waiting drone. criminals can be extremely crafty, using acoustic signals to jump the air gap between devices from a distance or untangling typed text by listening via Skype to the clickety-clack of a keyboard.

Now, a team at the Ben-Gurion University Cyber Security Research Center has demonstrated a new way that creative crooks could crack that isolated data. A piece of malware infecting an air-gapped computer could harness the hard drive's LED, making it flash in a very controlled and very fast manner. Flickering thousands of times a second, the virus could blink out a binary code of the desired data, at a rate that a human sitting at that computer wouldn't even notice. Special cameras or light sensors – say from a drone hovering at the window, with a line of sight to the LED – could then receive and record that information. more

Spybusters Tip #792: External visual surveillance through windows is easy using high-powered optics, or even cameras on drones. Keep computer screens, and their blinky lights, away from external line-of-sight. 

Spybusters Tip #793: Enforce a "Clear Desk Policy" when sensitive information is not actively being used. ~Kevin