Crafty jews are at it agin... data exfil from airgapped computers through HDD light

yeah, you have to install a malware that will need to access the hardware, so you need physical access to the machine, and then have a drone hoovering just out a conveniently placed window.

Why don't just copy the data then?

>researchers discover that it is possible to communicate by flashing a light

Same research time exfiltrated data from airgapped computers with a cell phone last year...

usenix.org/conference/usenixsecurity15/technical-sessions/presentation/guri

Video: youtube.com/watch?v=RChj7Mg3rC4

Crazy cool research.

Installing malware is a lot easier than exfil of data. To install malware, you need one opportunity. To exfil, you need to do it constantly and the person that installed the malware might not be able to enter that building again.

>no human being would ever make this obviously stupid mistake

oy vey

>sending data through leds

how does this work?

Only with extra malware installed.

I just leave them disconnected or cover them with black tape. LEDs are a pointless distraction.

OR

Just plug in your on/off switch

In this case the LEDs are basically acting like shitty fiber optic lines. It's not a very interesting idea desu.

Modulates it to send the data, like doing morse code, same way you can modulate any other transmission source to send data.
I made a light to audio device when I was younger because I wanted to see if you could hear the audio within a room by listening to a light bulb filament in the room being modulated by the sound waves of people talking or what ever.
It did work, had to make a more sensitive and complicated audio circuit for it with a compression stage and all that but it worked.

If they developed the procedure, its because they had specific targets in mind that it would work on. A bit silly that now everyone knows how to defeat it. Just remove the wires and don't have the pc near a window.
However, I read that this also creates a recoverable rf signal that they can pick up from just outside the building.

I dont have any links, but you should get you some Forrest Mims

long story short, any signal can be sent (and received) with LEDs

fuck, I wrote this

before I saw

also, look up Van Eck phreaking while you are at it. There's a youtube video where, with an AM radio, you can hear audio from your monitor.

לא מעניין

Basically one of these scaled up
en.wikipedia.org/wiki/Opto-isolator

At the end of the day we are all decaying chemical reactions floating on a giant rock hurdling through space. Therefore, by flooding the LED with random noise you will be able to mitigate the effectiveness of this attack.

Shes looks one of my cousins and I like it.

are you trying to blow my mind user?

Shannon used to be sexy af

Since many SSDs vibrate when accessing data, we could record the audio and reconstruct what was accessed!

Isn't that why we have salt?

>wake up in the middle of the night
>My RGB RAM and RGB HDD and RGB fans and RGB motherboard and RGB power supply and RGB optical drive are all flashing rapidly
>See a drone hovering behind the window

>data exfil from airgapped computers through HDD light.
Prolly why Macs don't have HDD lights. They don't have ethernet socket lights either.
They don't have lame Intel Inside stickers either.

Goodness!
Does that mean that USB flash drives vibrate as well? So that's why my little sister loves hers so much.

They don't want your weeb shit. You're safe.

kek... imagine how FAST and EASY is to exfil data from retarded gaymer shit... it would probably go as fast as wifi.

Reminds me of the guy who can figure out what phone you have by the IR signals it gives off.
youtube.com/watch?v=Hh5Snb-AXxY
Kind of weird, I thought there would be articles about it but I couldn't find any.

That's cool.

BTW, here's the latest privacy threat: ULTRASOUND TRACKING!

Basically, lots of apps will come with ultrasound beacon library and your phone will constantly emit ultrasound frequenceis through your speaker and other phones/listening stations will be able to pick it up and track you.

bleepingcomputer.com/news/security/ultrasound-tracking-could-be-used-to-deanonymize-tor-users/

>tfw no six million gf

It's good that I always cover the leds, coz I can't sleep with them on.

So much trouble for nothing.

>implying someone visits tor sites without completely disabled javascript

Computer monitors emit EM radiation, with a carefully tuned antenna you can receive it and reconstruct the image from an otherwise airgapped machine.

Fun fact: this is the reason why voting machines were banned in NL.

>someone sees mr. smith voted for donald clinton
like who the fuck cares?

>computer is offline
yet another "lel look at my cool hacks" that needs physical access
why not transfer the files on the device you use to infect the machine?

sheesh... i just wanna make some jams & sh⥌tpost is that 2much 2ask ...

ot it would add so much background noise that it becomes un decipherable.

because you may have access to the computer, but not passwords for the encryption.

youtu.be/HvZAZFztlO0

tape ur leds if ur tinfoil or unhook the circuit, they are only needed for diagnostics anyway.

hiddenvoicecommands.com/home

6000 baud isn't exactly yuge bandwidth to exfil data.

and you know, who the fuck plugs that shit in? I sure don't want LEDs flashing in my eyes every time I do a HDD access.

heh. Pretty much. Why does nobody on here take into account human failibility? (and the fact that NOBODY does their job correctly)

>monitors emit EM radiation

no shit sherlock light is included in that spectrum

Fancy Morse code using a light. Ships used to do it to communicate at sea. They couldn't string up telegraph wires so a light that could be flashed using a shutter was used

/JIDF/ here, ask me anything

How do they get the ability to see the computers? Do they really think people put these computers near a window?

Actually it is something – getting malware on an airgapped computer has been done regularly, but getting useful info back out is more difficult. Especially if your physical access you use for your attack is only a few seconds.

youtube.com/watch?v=4vIu8ld68fc
Cyberpunk has, beyond any doubt, arrived. Show that drone video to someone from the 90s and they'll believe it to be from a hacker movie.

>6000 times a second
>camera has a record speed of 30 fps

am I not getting something?

>it's a Mossad watches you sleep with their drones while also reading your HDD thru the leds all while the CIA is spoofing your RGB signal wirelessly thru the wall because they can do it too oh and the NSA has been on your facebook since you started using it and they know EVERYTHING episode

>6000 times a second
>camera has a record speed of 30 fps
>am I not getting something?

>According to the researchers, the data can be transferred at rate as fast as 4,000 bits per second with a specialized Siemens photodiode sensor on the drone

>hdd light on motherboard
>cant turn off

botnet wins again

Don't use a standard camera.

>Israeli researchers
Why am I not surprised?

>Fucking crazy shit man...
That's not crazy.

If there's an input and an output, any of them, then there's a possible leak. Then it's just a matter of bitrate. You could modulate the speed of the fan and listen to it with a mic, flash numlock lights on the keyboard... you can even have two software on a computer communicate by measuring HDD access times, each one alternating reading huge files and blocking each other, resulting in communicating one bit each time.

That's not "research", that's just pointing out the obvious. Though most of those are Lube Goldberg machines that only work in ideal conditions. Being secure is simple: list all inputs and outputs, and sabotage what you don't need until you keep the minimum.

>Lube Goldberg
>Lube
>Lube

Really nothing new. You can do that with CPUs as well, that's why governments buy expensive PC cases that filter this stuff. I assume they also have no LEDs. It would be also great if you did research instead of linking fucking Russia Today.

>Lube Goldberg
Sounds like a Rube Goldberg device for perverts.

If you want to turn it off, unplug at the motherboard. But, this attack will mainly be used to get info off internet-disconnected devices, so you're relatively safe on that front.

Nice try but I disconnected all my LEDs.

A weapon to surpass Metal Gear

Tell me about how you fucked up Iran's SCADA at the nuke facilities.

Wasn't there one that turned your monitor into an antenna?

Did they actually exfil any data from the nuke plants? I thought they just spun the centrifuges until they broke using a day zero exploit

how do you record 6000 blinks per sec with 24/30/60 fps cameras again?

You don't, they use a special optical sensor

just a regular camera

No, the Iranians were writing the malware and it destroyed their own shit.

so not only do you need to infect the software, but you also need to jury-rig an additional module onto the camera?

>Did they actually exfil any data from the nuke plants? I thought they just spun the centrifuges until they broke using a day zero exploit
No one knows. We only know what NYTimes leaked and they didn't mention many details.

>6000bps

hmmmm

that's brilliant, genius even, in the classical sense.

look up stuxnet if you really want a good read. they should make a movie about that

this

it's best for getting things like credentials, and decryption keys. but if you have persistence, and time on your side, sky's the limit

>Video: youtube.com/watch?v=RChj7Mg3rC4
HOW THE FUCK DOES THIS WORK?????

I read the description but still don't get it:

>Air-gapped networks are isolated, separated both logically and physically from public networks. Although the feasibility of invading such systems has been demonstrated in recent years, exfiltration of data from air-gapped networks is still a challenging task. In this paper we present GSMem, a malware that can exfiltrate data through an air-gap over cellular frequencies. Rogue software on an infected target computer modulates and transmits electromagnetic signals at cellular frequencies by invoking specific memory-related instructions and utilizing the multichannel memory architecture to amplify the transmission. Furthermore, we show that the transmitted signals can be received and demodulated by a rootkit placed in the baseband firmware of a nearby cellular phone. We present crucial design issues such as signal generation and reception, data modulation, and transmission detection. We implement a prototype of GSMem consisting of a transmitter and a receiver and evaluate its performance and limitations. Our current results demonstrate its efficacy and feasibility, achieving an effective transmission distance of 1-5.5 meters with a standard mobile phone. When using a dedicated, yet affordable hardware receiver, the effective distance reached over 30 meters.

This part:

>Rogue software on an infected target computer modulates and transmits electromagnetic signals at cellular frequencies by invoking specific memory-related instructions and utilizing the multichannel memory architecture to amplify the transmission.

WTF ARE THEY DOING?!?!?!?!?!??!?!?!?

What is electrical tape.

Well compared to the fact that they can decrypt your hdd by recording the sounds of it through a shitty microphone, this is nothing.

Better keep that smartphone away from your computer when using your encryption key

Put tinfoil on them.
Tinfoil is not a conspiracy it blocks 100% of light.
I'm fucken serious.

Every computer comes pre-infected with stuxnet from the factory.

BIOS is the ultimate virus.

>Not using your computer inside of a completely air tight bunker with no windows
>Being this computer illiterate
You diverse everything you get

>how does this work?
Like infrared only with visible light.
Or mores code.

It downloads more RAM then installs Limewire on the new RAM to hack your gibson.

>a drone

What do they think this is, Rainbow Six Siege?

It has a bandwidth of 6Kbit/s. Whatever drone would be hovering around the room would probably have to be there for quite a while.

So... it's fucking nothing.

Dependent on both A) get physical access to install the malware, and B) get your drone thing into the secure area and in a position where it can watch a machine's HDD light in a locked room with no windows.

If you can do the above you could have just stolen the data the old-fashioned way.

Good luck on getting physical access to this

What part of basement master race do you not understand?

Use the computer in the basement with no windows and no drones.

What if they need to get keys for encrypted files and partitions? Keys for encrypted communication channels and some network logs?

This explains the sudden popularity of rgb components. They're all controlled with software too.

Yes sound modulation and ultrasound are far superior to leds.
Also infrared is great.