Flatbed Scanners Used As Relay Point For Controlling Malware

An anonymous reader writes: "Scientists from two Israeli universities have come up with a way to use flatbed scanners as relay points when sending commands to malware installed on an air-gapped computer," reports BleepingComputer. "Further research also revealed the scanner could also be used to relay stolen data to a nearby attacker. The technique they came up with revolves around the idea that a beam of light could be interpreted as a binary 1 and the lack of visual stimulant can be considered a binary 0."

The attacks can be carried out with lasers mounted on drones, on fixed stands, or by hacking smart light bulbs present near the targeted computer. Attack distances can go up to 900 meters (0.56 miles). During their tests, researchers sent various commands to the PC, such as "d x.pdf" (delete file x.pdf) and "en q" (encrypt folder q). Relaying such commands took between 50 to 100 milliseconds. This research was done by the same team that created methods to steal data from PCs using a hard drive's LED, fan heat, sounds emanated by a computer's GPU fan, electromagnetic signals given out by the GPU, and electromagnetic signals given out by an USB bus.
Here's a PDF of the report, which is titled "Oops!...I think I scanned a malware."

Re:

[FatdogHaiku]

Seems legitmate, just another variation on TEMPEST style attacks

I'm OK then. I'm running TeaPot 3.14...

This is the most impractical attack I've heard of

[Anonymous Coward]

So you have to get malware on to the air-gapped computer, but once you've done that you can control it from hundreds of meters away using a laser, a hacked smart light globe and a flatbed scanner with the lid open. Riiiiiiiiiiiiiiiiiiiiiiiiiiight . . .

Re: This is the most impractical attack I've heard

[Raymond Morgan]

"Alright Q, very funny... How do I really do it?" "James that's it, that's how you do it". *Sighs and just grabs the actual computer and hotfoots it*