Skip to main content
  1. Home
  2. Emerging Tech
  3. News

Targeting flatbed scanners could allow hackers to break into secure "air-gapped" computer systems

By
Infiltration of command to an air-gapped network using a laser installed in a drone via a scanner
Like some geeky, tech-savvy version of the Circle of Life song from
Recommended Videos
The Lion King, there’s a never-ending feedback loop between the ingenuity of hackers and security-minded researchers’ attempts to think one step ahead of them.

The latest example comes courtesy of researchers from the Cyber Security Research Center at Israel’s Ben-Gurion University, who have conceived of a method by which hackers could bypass firewalls and intrusion-detection systems by hacking flatbed scanners using a laser-toting drone.

“This work presents a way in which an organization’s scanner can be used as a gateway for the purpose of communication under the radar with previously installed malware, even on isolated networks, with an outside attacker using a laser,” Ben Nassi, a graduate student at the Cyber Security Research Center, who was a co-author on a paper describing the method, told Digital Trends. “In addition, it shows how trying to hide the scanner from the line of sight won’t help because an Internet of Things device that’s located nearby can be hijacked and used as a means to module the command to the scanner.”

The method is effective from a distance of 900 meters using lasers that can be easily purchased online from places like eBay. Using the technique, the researchers were able to achieve data transmission rates of 25-50 milliseconds per bit. No, that’s not going to match your broadband download speed, but it’s enough to send commands that could control a bot on an isolated “air-gapped” system, meaning one that’s not otherwise connected to the outside world.

The attack does require that malware is first installed on a system somehow, but after that it could be commanded in certain terrifying ways — such as Nassi’s uncomfortable examples of “shutdown system” or “launch missile.”

So if simply moving your flatbed scanner out of line of sight won’t work, what does he suggest as a possible solution? “We suggest you disconnect the scanner from the network and use via a proxy computer that will be monitored by a model that has learned to identify the attack,” he continued. “That way anyone trying to send a message to the organization will be detected and prevented.”

While this may seem extra-cautious, when you’re dealing with computer systems that can potentially cause massive amounts of damage — either by controlling systems we rely on or through the leaking of sensitive data — you really can’t be too careful.

We bet you’ll never look at your innocuous flatbed scanner the same way again!

Editors' Recommendations

Topics
Luke Dormehl
Luke Dormehl
Contributor
I'm a UK-based tech writer covering Cool Tech at Digital Trends. I've also written for Fast Company, Wired, the Guardian…
This AI cloned my voice using just three minutes of audio
acapela group voice cloning ad

There's a scene in Mission Impossible 3 that you might recall. In it, our hero Ethan Hunt (Tom Cruise) tackles the movie's villain, holds him at gunpoint, and forces him to read a bizarre series of sentences aloud.

"The pleasure of Busby's company is what I most enjoy," he reluctantly reads. "He put a tack on Miss Yancy's chair, and she called him a horrible boy. At the end of the month, he was flinging two kittens across the width of the room ..."

Read more
Digital Trends’ Top Tech of CES 2023 Awards
Best of CES 2023 Awards Our Top Tech from the Show Feature

Let there be no doubt: CES isn’t just alive in 2023; it’s thriving. Take one glance at the taxi gridlock outside the Las Vegas Convention Center and it’s evident that two quiet COVID years didn’t kill the world’s desire for an overcrowded in-person tech extravaganza -- they just built up a ravenous demand.

From VR to AI, eVTOLs and QD-OLED, the acronyms were flying and fresh technologies populated every corner of the show floor, and even the parking lot. So naturally, we poked, prodded, and tried on everything we could. They weren’t all revolutionary. But they didn’t have to be. We’ve watched enough waves of “game-changing” technologies that never quite arrive to know that sometimes it’s the little tweaks that really count.

Read more
Digital Trends’ Tech For Change CES 2023 Awards
Digital Trends CES 2023 Tech For Change Award Winners Feature

CES is more than just a neon-drenched show-and-tell session for the world’s biggest tech manufacturers. More and more, it’s also a place where companies showcase innovations that could truly make the world a better place — and at CES 2023, this type of tech was on full display. We saw everything from accessibility-minded PS5 controllers to pedal-powered smart desks. But of all the amazing innovations on display this year, these three impressed us the most:

Samsung's Relumino Mode
Across the globe, roughly 300 million people suffer from moderate to severe vision loss, and generally speaking, most TVs don’t take that into account. So in an effort to make television more accessible and enjoyable for those millions of people suffering from impaired vision, Samsung is adding a new picture mode to many of its new TVs.
[CES 2023] Relumino Mode: Innovation for every need | Samsung
Relumino Mode, as it’s called, works by adding a bunch of different visual filters to the picture simultaneously. Outlines of people and objects on screen are highlighted, the contrast and brightness of the overall picture are cranked up, and extra sharpness is applied to everything. The resulting video would likely look strange to people with normal vision, but for folks with low vision, it should look clearer and closer to "normal" than it otherwise would.
Excitingly, since Relumino Mode is ultimately just a clever software trick, this technology could theoretically be pushed out via a software update and installed on millions of existing Samsung TVs -- not just new and recently purchased ones.

Read more