Cameras can steal data from computer hard drive LED lights: study

February 22, 2017
Credit: George Hodan/Public Domain

Researchers at the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center have demonstrated that data can be stolen from an isolated, "air-gapped" computer by reading the pulses of light from its hard-drive activity LED with various types of cameras and light sensors.

In the new paper, the researchers demonstrate how the data can be received by a quadcopter drone, even one flying outside a window with line of sight to the transmitting computer.

Air-gapped computers are isolated—separated both logically and physically from public networks—ostensibly so that they cannot be hacked over the Internet or within company networks. These computers typically contain an organization's most sensitive and confidential information.

Led by Dr. Mordechai Guri, head of R&D at the Cyber Security Research Center, the research team utilized the hard-drive (HDD) activity LED lights that are found on most desktop PCs and laptops. The researchers found that once malware is on a computer, it can indirectly control the HDD LED, turning it on and off rapidly (thousands of flickers per second)—a rate that exceeds the capabilities. As a result, highly sensitive information can be encoded and leaked over the fast LED signals, which are received and recorded by remote cameras or light sensors.

"Our method compared to other LED exfiltration is unique, because it is also covert," Dr. Guri says. "The hard drive LED flickers frequently, and therefore the user won't be suspicious about changes in its activity."

Dr. Guri and the Cyber Security Research Center have conducted a number of studies to demonstrate how malware can infiltrate air-gapped computers and transmit data. Previously, they determined that computer speakers and fans, FM waves and heat are all methods that can be used to obtain data.
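
Dr. Guri's point is that a person watching the LED will not notice the signaling; the timing of the flicker is still measurable. As an added example (not code from the BGU paper or this article), the Python below checks a trace of LED on/off widths for a shared symbol clock, which fixed-rate keying produces. The trace format, the 250 µs period, the 15% tolerance, the 0.9 threshold and the random model of ordinary disk activity are all assumptions chosen for illustration.

```python
import random


def fit_fraction(widths_us, unit_us, tol=0.15):
    """Share of widths within tol*unit of a whole multiple (>= 1) of unit_us."""
    if not widths_us:
        raise ValueError("empty trace")
    hits = 0
    for w in widths_us:
        k = max(1, round(w / unit_us))
        if abs(w - k * unit_us) <= tol * unit_us:
            hits += 1
    return hits / len(widths_us)


def find_clock(widths_us, candidates_us=range(50, 2001, 10), threshold=0.9):
    """Try each candidate symbol period; return (unit_us, score, flagged)."""
    best_unit, best_score = None, -1.0
    for unit in candidates_us:      # ascending, so ties go to the larger unit
        score = fit_fraction(widths_us, unit)
        if score >= best_score:
            best_unit, best_score = unit, score
    return best_unit, best_score, best_score >= threshold


# Constructed sample 1: on/off widths that are whole multiples of a 250 us
# symbol period with a few microseconds of jitter, as fixed-rate on-off
# keying of the LED would leave behind.
RUNS = [1, 2, 1, 1, 3, 1, 4, 2, 1, 5, 1, 1, 2, 3, 1, 2, 1, 4, 1, 1] * 10
KEYED = [r * 250 + ((i * 7) % 5 - 2) * 4 for i, r in enumerate(RUNS)]

# Constructed sample 2: stand-in for ordinary bursty disk activity, modelled
# (an assumption) as random widths with a 900 us mean and no shared clock.
_rng = random.Random(2017)
BENIGN = [_rng.expovariate(1 / 900) for _ in range(200)]


if __name__ == "__main__":
    for name, trace in (("keyed", KEYED), ("benign", BENIGN)):
        unit, score, flagged = find_clock(trace)
        print(f"{name}: best period {unit} us, fit {score:.2f}, flagged={flagged}")
```

A trace of this kind would come from a light sensor facing the LED or from disk I/O timing on the host; widths that are not clocked at all score near the 0.3 chance level for a 15% tolerance, far below the threshold.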

Related Stories

Cellphones can steal data from 'air-gapped computers'

July 28, 2015

Researchers at the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center have discovered that virtually any cellphone infected with a malicious code can use GSM phone frequencies to steal critical information ...

BitWhisper turns up heat on air-gap security

March 24, 2015

Ben Gurion University reported Monday that researcher Mordechai Guri, assisted by Matan Munitz and guided by Prof. Yuval Elovici, uncovered a way to breach air-gapped systems—that's quite something considering that air-gapped ...

USB malware goes after air-gapped computers

March 26, 2016

Uh-oh. USB malware trouble again. Earlier this week, iTWire and other sites reported on USB-based malware that steals data. "USB Thief" is also described as Win32/PSW.Stealer.NAI affecting computers.

43 comments

krundoloss
not rated yet Feb 22, 2017
Wow! If someone has gone that far, to place malware on your air-gapped system, fly a drone by your window, and read optical data from a HDD LED, you are dealing with some serious people!
dlethe
1 / 5 (1) Feb 23, 2017
Now WHY would somebody point a camera at LEDs when they could just as easily point it to the keyboard and monitor where they can steal a lot more information. Better yet, if the system is unprotected enough to allow the installation of some malware then it would be much more efficient for the malware to send data over the internet, or wifi, or whatever.
axemaster
5 / 5 (4) Feb 23, 2017
So they're just implementing an IrDA-like protocol... not very interesting.
antialias_physorg
5 / 5 (4) Feb 23, 2017
You could also use the LEDs on the keyboard (or any of the status LEDs that are used on a laptop). Heck, you could probably hijack a pixel on the screen and use that.

Anything that makes light (or sound) on a machine can potentially be used to bridge an air gap (from LEDs to power supplies to hard disc drive heads, to ... )
gkam
1 / 5 (6) Feb 23, 2017
None of my enemies are that smart.

But when we taught a three-day Powerline Harmonics course at Sandia National Labs in Livermore, they were concerned about folk knowing what they were doing by sampling the powerlines, so we taught isolation techniques, . . and found some wiring problems in the area.

I wondered how wiring errors could exist in a place so carefully built and maintained and checked.
Uncle Ira
3.7 / 5 (6) Feb 23, 2017
> None of my enemies are that smart.
Thanks, that is a thing we all were spending a lot of time wondering about.

> But when we taught a three-day Powerline Harmonics course at Sandia National Labs in Livermore, they were concerned about folk knowing what they were doing by sampling the powerlines, so we taught isolation techniques, . . and found some wiring problems in the area.
So they were using the power-lines to send their data around? At Sandia Labs?

> I wondered how wiring errors could exist in a place so carefully built and maintained and checked.
You would wonder that. I would have wondered why they use power-lines to move their doings back and forth instead of a dedicated communication system.

Did you wear your silly looking pointy cap (with the stars and moons on him) while you was teaching Sandia Labs they did not know their business?

You really wonder why everybody here thinks you are a moron?
SCVGoodToGo
4.2 / 5 (5) Feb 23, 2017
> Did you wear your silly looking pointy cap (with the stars and moons on him) while you was teaching Sandia Labs they did not know their business?

The Installation Wizard demands that you close all running processes.
gkam
1.7 / 5 (6) Feb 23, 2017
Not a very good try, Toots. Your need to punish me for being real gets you into these silly states. Apparently you do not understand the problem.

Yeah, the Sandia Library bought seven copies of my Power Quality Manual. What did they ask from you?

I also taught the download engineers going to Alice Springs, and installation engineers from Cray, back in the late 1980s. It is called Power Quality, and I was dealing with it before it was named.

For a price, I'll send you copies of my seminar materials. Then, I'll explain them to you.
Uncle Ira
3.7 / 5 (6) Feb 23, 2017
> Did you wear your silly looking pointy cap (with the stars and moons on him) while you was teaching Sandia Labs they did not know their business?
>
> The Installation Wizard demands that you close all running processes.


What you think I am making up the joke? Non Cher, he really has the silly looking pointy cap (with stars and moons) on him. He is proud of him he even put it on his consulting interweb page to drum up business. Have a lookee-loo at him,,,,,

http://www.kamburoff.com/

That ought to instill confidence in the engineers and PhDs at Sandia Labs when he comes to consult, eh?

Oh yeah, I almost forget. He also has a silly looking Three-Musketeer cap he is really fond of too. Without the feather, I think he lost that riding around Thailand on his motor scooter. The Air Force give that one to him. I don't know if he wears it when he is consulting like the other one, mostly he wears him when he playing Super-Duper-Air-Force-Radio-Repairman.
gkam
2.1 / 5 (7) Feb 23, 2017
I think Ira assumed this is Twitter and his high-school bulletin board.

I take back my offer to teach you about Power Quality.

It was too daunting a task, anyway.
Uncle Ira
3.5 / 5 (8) Feb 23, 2017
> I take back my offer to teach you about Power Quality.
Not that I think there is much you could teach me (I'm the one who knows Fourier Transforms and Series while you have to hire a maths guy), but I was really looking forward to seeing you up close and in person wearing one of your silly looking caps.

> It was too daunting a task, anyway.
It would be for a goober like you, yeah?
Estevan57
5 / 5 (5) Feb 23, 2017
The Israelis are showing off their cyber security skills again. Articles like this are good advertising for them and increase sales for their services. They are good enough that even the Arab nations use them (semi-clandestinely) to guard their data.

Look at the related stories! ha ha Looks like a news release every fiscal quarter.
gkam
1.7 / 5 (6) Feb 24, 2017
Estevan is right this time. The Israelis sold our banks a management program with back doors in it.

But this remark is funny: "(I'm the one who knows Fourier Transforms and Series while you have to hire a maths guy)"

Get your pencil out in the field and you will be escorted out of the building. We do not use Fourier Transforms in the field, we use instruments.

The math is not the object, it is the understanding of what the information means. There are a lot of kids like you who get a day of these in homework, probably not understanding the implications in real systems.
Uncle Ira
5 / 5 (7) Feb 24, 2017
> Get your pencil out in the field and you will be escorted out of the building.
Skippy, you say you are the 15 different kinds of engineer and you are not ashamed to say something goofy like that? Escorted out of the building, Cher, are you smoking your medicine a little early today?

Escorted out of the building. How you come up with this silly stuffs. Now if you were an engineer and repeatedly showed up for work WITHOUT a pencil,, then they would send you off to your next "REAL" engineer job. Is that how you lost so many engineer jobs? You kept telling them you don't use pencils?

> We do not use Fourier Transforms in the field, we use instruments.
You don't use the Transforms anywhere because you are not a "REAL" engineer. You just play one on the interweb (and not very good at it either.) I wonder what your supervisor, the real engineer, would say if he knew you put into the "lawn guy" category and only "hired" him when you needed him.

gkam
1 / 5 (5) Feb 24, 2017
I worked for myself the last 20 years of working, and had no "supervisor". Do you need one?

Go to those graphs on my website and let's discuss how real world problems look and their implications for the electrical system and other loads.

And if you want to see how real waveforms cause problems, go to the original source of this information, the "Handbook of Power Signatures", by Alexander McEachern, the inventor of the graphic PQ monitor/analyzer. Page ten shows you how to interpret the waveforms based on local conditions.
Arthur_McBride
4.4 / 5 (7) Feb 24, 2017
@ gkam. Seriously? I'm with your mate Ira on this one.

No engineer would ever be caught without a pencil at hand, in the field, the office or even riding in his car. And only a person who has no true engineering or technical background would suggest the Fourier Transforms are performed in the field or with only a pencil. They certainly could be, but you had best pack a lunch and dinner. You really don't know what Fourier Analysis is, do you? That shows you are an outsider to almost any field of engineering except at the unskilled level.
gkam
1 / 5 (5) Feb 24, 2017
Oh, stop it. I consulted to power companies for those 20 years. I was the primary instructor for the national Power Quality Course which I helped to write.

A pencil is for taking notes, not doing math onsite. And where does he get the data for the transforms? Why not just let that instrument calculate it for them? And what is he going to do with that information on the factory floor? Is he going to stand there and do math, wasting time?

We are interested in crest factor, harmonics, disturbances, and Grounding, which is most important, not math.

Ira is not my mate.
Uncle Ira
4.3 / 5 (6) Feb 24, 2017
> I worked for myself the last 20 years of working, and had no "supervisor". Do you need one?
As far as anybody knows, that means you were unemployed.

> Go to those graphs on my website and let's discuss how real world problems look and their implications for the electrical system and other loads.
Cher, I hate to break it to you. Those graphs are things any high school algebra or pre-calculus student could do. And guess what else? The ones you made using an on-line helper? They use the Fourier Analysis and you did not even know that.

Bottom line, your really super-duper-consulting engineer interweb place? It is beginning tech school stuffs, it is not engineering.

http://www.kamburoff.com/

Cher, this is not the place you want to be bragging about that interweb site at, eh? It's actually pretty lame.
Uncle Ira
4.4 / 5 (7) Feb 24, 2017
> Ira is not my mate.
Why I am not your mate Cher? I am one of the only five or people here who will talk to you.
gkam
1 / 5 (5) Feb 24, 2017
Mr. McBride, often the situations in operating factories is so complex, it makes sense to do a complete walk-through before even taking notes. We deal with interactions of loads and power systems, and how those affected systems affect other loads. It can be as complex as an organism, which is how I teach it.

The math I use is simple, but the analysis of waveforms is important, with the understanding of their implications for the different kinds of electrical system architectures.
Uncle Ira
5 / 5 (6) Feb 24, 2017
@ Arthur-Skippy. How you are Cher? I am good, thanks for asking.

I just like fooling around with glam-Skippy because his first month here, (actually his first week here) he told us he was the Electrical Engineer, the Electronic Engineer, the Materials Engineer, the Nuclear Testing Engineer, the Foundry Engineer, the Communications Engineer, the Senior Technical Services Power Engineer (I kid you not Cher, he really put that one together.), the Chicken Plant Senior Inspector (non, I am not kidding about that), the Robotics Engineer, and the Consulting Engineer. He also worked on all the top secret air planes. And fought in the war as bench tech in the radio shop in Thailand that caused him PTSD from riding around on a motor scooter..

Yeah, he capitaled the titles so he lied by default, eh, but we busted him on that because he did not know what a PE is.

Ask anybody here and don't take my word for it. He really claimed all that stuffs and a lot more too.
Arthur_McBride
4.4 / 5 (7) Feb 24, 2017
> Mr. McBride, often the situations in operating factories is so complex, it makes sense to do a complete walk-through before even taking notes. We deal with interactions of loads and power systems, and how those affected systems affect other loads. It can be as complex as an organism, which is how I teach it.
>
> The math I use is simple, but the analysis of waveforms is important, with the understanding of their implications for the different kinds of electrical system architectures.


I am sure that might work down at the pub, but it really has the odor of a poser to me. I AM an engineer so I am quite sure you are not.
gkam
1 / 5 (5) Feb 24, 2017
Oh, good. What kind?

Actually work in the field? I had no engineering classes, but taught it to "real" engineers who had it in school, but did not understand it. Sorry, but I am real. It really got to Ira.

No pub. I gave up drinking, having seen too many disgusting drunks.
TheGhostofOtto1923
4 / 5 (4) Feb 24, 2017
> And fought in the war as bench tech in the radio shop in Thailand that caused him PTSD from riding around on a motor scooter..
-And he was a black ops spook working directly for mcnamara at the time. Don't forget that.

What a clown.
Uncle Ira
4.4 / 5 (7) Feb 24, 2017
> I had no engineering classes, but taught it to "real" engineers who had it in school, but did not understand it.

@ Arthur-Skippy. See what I mean? He really claimed to be all those different kinds of engineers. But he had no engineering classes. Then (and I am not making this up, he really said it over and over and over) after learning all those different kinds engineer he went out and taught it for 10 years to 33,000 engineers who did not understand it after they got out engineering school. I don't know where you went to engineering school, but the ones around have not even the professors have that many different students in 40 or 30 years

> Sorry, but I am real. It really got to Ira.
Yeah, he a real something, eh?

> I gave up drinking, having seen too many disgusting drunks.
Does being the pothead for 40 years count?
gkam
1 / 5 (5) Feb 24, 2017
Ira does not understand how some of us do not want to do the same stuff every day. Do you? Wouldn't you like to see what it is like to work in other fields? Learn new techniques and technologies and ways of organizing reality? No?

Yeah, I had an interesting life in many fields, and was lucky enough to do some good things and witness others, good and terrible. I came on this forum thinking it was like the professional fora I used to frequent, with real people, using real names discussed real things. This forum seems to be the bridge over too many trolls, who refuse to take responsibility for their own words.

Do not let your need to scorn overtake your rationality.
gkam
1 / 5 (5) Feb 24, 2017
Two anonymous jerks on the internet. Do you assume you have anything to say?

Send your new buddy to my professional reviews in the dossier Stumpy keeps on me, in his stalking. I am real, you are anonymous and cowardly.

Look me up, Arthur. I am George Kamburoff, the one who actually did teach over 30,000 people in my seminars and classes.

Then look up "Ira". See who is real.
Arthur_McBride
4.4 / 5 (7) Feb 24, 2017
> I came on this forum thinking it was like the professional fora I used to frequent, with real people, using real names discussed real things.


@ gkam. So help me understand this. You USED to frequent professional forums, but you came over here because? Is it maybe because they USED to call you out for posing more quickly than they do here? Otherwise I would think you would stay with the professional forums. It seems your mate Ira uses that to his advantage. Ever consider a different tack?

You can have the last word because I have other things to do.
gkam
1.8 / 5 (5) Feb 24, 2017
I knew he would coward out when it came to proof.

But the issue here is the Israelis scanning your blinkin' light. First they have to put the program into my computer, and have a reason to do so.
Uncle Ira
5 / 5 (4) Feb 24, 2017
> I knew he would coward out when it came to proof.
You talking about me or the Arthur-Skippy? Must be him because you know me better than that.

> First they have to put the program into my computer, and have a reason to do so.
Maybe your older brother would do it just to mess with you, eh Cher? Just to be sure I think I will disconnect that little blinking LED, it bugs me sometimes anyway.

Good, a little piece of black tape took care of that. Your older brother can't get in here, non.
TheGhostofOtto1923
5 / 5 (2) Feb 24, 2017
> @ gkam. So help me understand this. You USED to frequent professional forums, but you came over here because? Is it maybe because they USED to call you out for posing more quickly than they do here? Otherwise I would think you would stay with the professional forums. It seems your mate Ira uses that to his advantage. Ever consider a different tack?
-Because he's a lying cheating psychopath and this place is the only one he has found that won't ban him, throw him out, or get the crap beat out of him like the VFW.

Isn't that right george?
gkam
2.6 / 5 (5) Feb 24, 2017
Want to have an insight into the character of someone?

Just look at quality of what "bugs" him.

And how scared he got, already protecting himself against imagined threats.
Uncle Ira
4.3 / 5 (6) Feb 24, 2017
> And how scared he got, already protecting himself against imagined threats.
Hey Cher, that is not fair. That is the GREAT BIG LIE. You are the one that kept chirping about your older brother spying on everybody. Were you high those days on the pot and forget about it? If he is imagined, you are the one who imagined him. You told me about him.
Captain Stumpy
4 / 5 (4) Feb 24, 2017
@STOLEN VALOR LIAR-kam
> the dossier Stumpy keeps on me
if you didn't want the world to see it, why did you send it knowing full well that it would be posted for public access and presented to everyone?
LOL
> I knew he would coward out when it came to proof
the proof is the pudding
lets take a look from content:
Recent Activity for Arthur_McBride
Average rank: 4.6
now lets check the chronic liar
Recent Activity for gkam
Average rank: 1.7
even on PO, an unmoderated site, it is plain to see that you're not capable of talking technical with your "degree" or "experience"

that is why you're not posting to moderated or technical sites

you got Pwned and doxxed as a liar - just like here

reported
Captain Stumpy
3.7 / 5 (3) Feb 24, 2017
> Now WHY would somebody point a camera at LEDs when they could just as easily point it to the keyboard and monitor where they can steal a lot more information
@dlethe
well- the keyboard may be blocked or the person may well be security conscious enough to ensure there is some protection to ensure that others can't watch the keyboard.... however, the HDD light isn't always covered or even addressed by most people, even the most security conscious

on a desktop, it may well be nowhere near the keyboard, and on a laptop, it may be on the side or not in a direct line of sight with the keyboard

more to the point, you don't need to have direct line of sight, as reflections and or monitoring light levels will be enough to ensure a pattern (see MIT video here: http://news.mit.e...ons-0804 )

all you need to "see" or track is the differences, which the MIT algorithm enhances
just alter vibration to light fluctuations
Captain Stumpy
3.7 / 5 (3) Feb 24, 2017
@dlethe
(just in case my above wasn't clear enough)

PS - think of a dark room and how even minute light sources stand out to the crappiest biological camera on the planet (the eye)

now consider that most modern cameras can be adjusted to low/high light conditions, which make fluctuations in light highly visible or not, depending

insert algorithm to enhance the fluctuations (which will also read the fluctuations in reflected sources) - this ensures that you can also see the light in higher light situations (daytime - office spaces)

and you have a secret super-spy decoder ring

gkam
1.8 / 5 (5) Feb 24, 2017
If the Mossad can put a program on my computer to blink that light too fast for me to see, they had better have a good camera with both high resolution and sensitivity with extremely high number of frames/second, so no flashes are overwritten or missed.
baudrunner
5 / 5 (4) Feb 24, 2017
> Now WHY would somebody point a camera at LEDs when they could just as easily point it to the keyboard and monitor where they can steal a lot more information
Uh, if you understood the article completely, the leds are bleeping data like, your password files for example, while the user is oblivious to the whole process. That was what planting the malware that does this on the blinking computer was for.

glad we're clear about that..
TheGhostofOtto1923
3.4 / 5 (5) Feb 24, 2017
> If the Mossad can put a program on my computer to blink that light too fast for me to see, they had better have a good camera with both high resolution and sensitivity with extremely high number of frames/second, so no flashes are overwritten or missed
Maybe you should discuss why you think mossad is spying on you with those VA shrinks of yours.

I bet it's that old black ops tech spook thing.

Maybe your phantom PV is sending radiation rather than absorbing it. Maybe you imaginary installed it upside down.

You can't even do imaginary right.
Estevan57
3.7 / 5 (3) Feb 25, 2017
Geez gkam, if the Mossad can blow someone up with their own cell phone, do ya suppose they might have a good camera?

An intelligence agency with a good camera? What a novel idea.
gkam
1.8 / 5 (5) Feb 25, 2017
Yeah, I'm terrified.
TheGhostofOtto1923
3.7 / 5 (3) Feb 25, 2017
> Yeah, I'm terrified.
That would be impossible because the malformed brain of a psychopath is incapable of feeling emotion.
gkam
1 / 5 (4) Feb 25, 2017
Don't complain to us. Go talk to Mommy.
