Scientists Can Hack Your Office With Smart Lightbulbs And A Scanner
A group of Israeli researchers found a way to trigger malware by shooting light at an ordinary office scanner
The Internet of Things has turned a host of household objects into easily hackable “smart” devices, creating unprecedented threats to consumers’ security and privacy. But researchers have discovered that even run-of-the-mill “dumb” objects can be hijacked for nefarious purposes — including, apparently, your trusty scanner.
In a recent paper, Israeli researchers from Ben-Gurion University of the Negev joined with the Weizmann Institute of Science to detail a way to covertly manipulate an organization’s network by using light pulses to transmit commands through a household flatbed scanner. While scanners are not typically connected to the internet, the researchers take advantage of their light sensitivity to send commands via a variety of external light sources — including a smart lightbulb and a laser-equipped drone hovering just outside an office window.
“Our method uses light transmitted by an attacker to a flatbed scanner, which is then extracted by a malware installed in the organization,” the researchers write in the paper, which was recently uploaded to the arXiv pre-print repository and is pending peer review. “Our method exploits an organization’s scanner which serves as a gateway to the organization, in order to establish a covert channel between a malware and an attacker.”
The technique assumes that the target network has already been infected by a piece of malware, either through phishing attacks or implanted via a USB stick, as happened with the infamous Stuxnet worm. But even after malware is deployed, an attacker generally needs a stealthy means of controlling it, which is where the scanner comes in.
The researchers say that a scanner allows an attacker to communicate with the malware while remaining effectively invisible to standard intrusion detection systems, which monitor network traffic to root out hackers. The technique is also relatively cheap to implement, with the equipment needed to establish the covert channel costing less than $20.
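Because the channel never touches the network, the place a defender can still look is the scanner's own output. The following is an added example (not code from the paper or this article) of a screen that flags scan jobs whose image looks like a light source switching on and off during the sweep rather than a document; it assumes the scan is an 8-bit grayscale image given row by row in the order the scan head travelled, and the thresholds are assumptions, not values from the paper.

```python
from statistics import mean, pstdev


def row_profile(image):
    """Average brightness (0-255) of each row of the scan."""
    return [mean(row) for row in image]


def band_runs(profile, high=170, low=85):
    """Collapse the row profile into runs of 'hi'/'lo' rows.
    Rows between the thresholds keep the current state, so a line of
    text (mid-grey on average) does not split a run of white paper."""
    runs, state = [], None
    for v in profile:
        s = "hi" if v >= high else "lo" if v <= low else state
        if s is None:          # still no full-swing row seen
            continue
        if runs and runs[-1][0] == s:
            runs[-1][1] += 1
        else:
            runs.append([s, 1])
        state = s
    return runs


def looks_like_pulsed_light(image, min_runs=8, max_jitter=0.25):
    """True when the scan shows many full-swing bright/dark bands of
    near-constant length: a square wave along the sweep direction, which
    a modulated external light produces and a scanned document does not."""
    runs = band_runs(row_profile(image))
    if len(runs) < min_runs:
        return False
    lengths = [n for _, n in runs[1:-1]]   # drop partial bands at the edges
    if not lengths:
        return False
    return pstdev(lengths) / mean(lengths) <= max_jitter


# Constructed sample scans (assumed shapes, not real captures): a letter
# with dark text lines on white paper, and a blank-lid scan taken while a
# light pulses on and off with a fixed period during the sweep.
def document_scan(rows=400, width=100):
    text_row = [30 if c % 2 == 0 else 250 for c in range(width)]  # mean 140
    return [text_row if r % 40 < 3 else [245] * width for r in range(rows)]


def pulsed_scan(rows=400, width=100, period=40):
    return [[240 if (r // (period // 2)) % 2 == 0 else 25] * width
            for r in range(rows)]
```

A job that trips this check is worth correlating with who (or what) initiated the scan and when, since a command-carrying scan is triggered by the malware, not by a person at the device.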
“The main challenge of the attacker is to find ways to control the malware without being detected,” the researchers wrote. “Given a malware/bot installed on organizations’ internal network, the proliferation of flatbed scanners and their connection to the network of the organization, countless organizations are vulnerable to our attack.”
The researchers performed tests with three different experimental setups, including scenarios where the attacker was up to 900 meters away and had no visible line-of-sight to the scanner from the building’s exterior. In one test case, the researchers flew a laser-equipped drone which successfully sent commands to the scanner by shooting it with laser pulses. They were also able to perform the attack from a passing car while the office window’s curtains were closed, using custom software that targets a smart lightbulb in the same room as the scanner.
The technique could be used for various purposes, the researchers say, including deleting important files or triggering ransomware to encrypt the organization’s computers and demanding a ransom right before an important presentation.
The attacks require a significant amount of setup, and in practice they probably wouldn’t be leveraged against all but the highest-value targets. But they still demonstrate that in the right circumstances, even non-internet-connected devices like scanners, speakers, and computer fans can be repurposed to serve the needs of an enterprising hacker.