Even computer systems that are physically isolated from the outside world can be exposed to attacks. This is being demonstrated by IT security experts at the Karlsruhe Institute of Technology (KIT) together with partners in the LaserShark project:
Using a directed laser, data can be transmitted to LEDs already installed in devices. This makes it possible to communicate secretly with physically isolated systems over several meters. LaserShark shows that security-critical IT systems must not only be well protected in terms of information and communication technology, but also optically.
Previous approaches only work over short distances or at low data transmission rates; they often only allow data to be smuggled out. The new method, on the other hand, can initiate dangerous attacks: Using a directed laser beam, outsiders can smuggle data in and out of protected systems without the need for additional hardware on site. Hidden optical communication uses light-emitting diodes that are already installed in devices, for example to display status messages on printers or telephones. By directing laser light at already installed LEDs and recording their reaction, the researchers have for the first time established a hidden optical communication channel that extends over distances of up to 25 meters, works in both directions and achieves high data transmission rates of 18.2 kilobits per second inwards and 100 kilobits per second outwards. This attack option affects standard office equipment used in companies, universities and public authorities.
Schematic representation of the hidden optical communication channel that can be used to attack a physically isolated system. (Illustration: KASTEL/KIT)
