It is possible to infiltrate a regular office scanner and, in so doing, endanger the computer network of a company - through the use of various light sources, a new study from researchers at Ben-Gurion University and the Weizmann Institute reveals.
According to Ben Nassi, a doctoral student at Ben-Gurion University in the department of information systems and a researcher at the cyber-security research center (CSRC) of the University who was central to the research, “a scanner whose screen is left on is sensitive to changes in surrounding light sources, and it is possible to use it as a ‘back door’ into a company’s network."
The researchers undertook several experiments in order to send a message to network computers connected to the table scanner. Through the use of a laser 900 meters away and, likewise, on a drone hovering outside the office, the researchers successfully sent a message activating malware via the scanner.
In a different experiment, the researchers used a smartphone to activate a smart light in the same room as the scanner through the use of radio waves. They wrote a program which caused the smart light to blink; and within seconds, the blinking light sent a message to the scanner activating the malware.
“We believe that the research will raise awareness about this threat and lead to protocol for secure scanners which will prevent attackers from creating secret channels via external light sources,” Nassi said.