Visible to the public "IT Security: Computer Attacks with Laser Light"Conflict Detection Enabled

IT security experts of the Karlsruhe Institute of Technology (KIT) have demonstrated that air-gapped computer systems are still susceptible to being attacked. In a project titled LaserShark, the researchers have shown that it is possible to transmit data to light-emitting diodes (LEDs) of regular office devices through the use of a directed laser. Using this method, attackers can secretly communicate with air-gapped computers over lengths of several meters. Air-gapping is the physical isolation of a computer or network to ensure that it does not connect to the Internet or other Internet-connected system. This security mechanism is intended to protect the computer or network from unsecured networks. According to the researchers, previous attempts to evade such air-gapped protection through electromagnetic, acoustic, or optical channels only work at short distances or low data rates. In addition, they often only allow for data exfiltration. The new LaserShark attack shows that an adversary can introduce data into and retrieve from air-gapped systems without the need for any additional hardware on-site at the targeted device. This hidden optical communication involves LEDs already built into office devices, such as those used to display status messages on printers or telephones. The researchers established a hidden communication channel over a distance of up to 25 m that can be used bi-directionally by directing laser light to built-in LEDs and recording their response. This optical attack could be used against commercially available office devices employed at companies, universities, and more. The LaserShark project emphasizes the importance of optically protecting critical IT systems as well as conventional information and communication technology security measures. This article continues to discuss the presented LaserShark attack that establishes fast bi-directional communication into air-gapped computer systems.

KIT reports "IT Security: Computer Attacks with Laser Light"