If your computer is “air-gapped” (i.e. not plugged into any network) it’s safe, right?
Well, as the Stuxnet virus that infected Iranian computers and destroyed their nuclear centrifuges showed — not so much. The real trick is to infect the air-gapped computer, and there are plenty of human weak links.
However, if the aim is to steal information, rather than just destroy hardware, software or data, things are trickier.
That’s where Mordechai Guri and his team at the Cyber Security Research Center come in. From the guys who brought you US Bee where malware causes a regular USB thumb drive to emit particular electromagnetic waves that another computer with a simple antennae can pick up and decode, comes LED-It-Go.
The system is outlined and contextualized in an article by Wired, but essentially, the malware convinces the blinking LEDs common to Windows system computers to blink super-fast and to reveal information to a drone with a video camera that is as far away as video contact can be effectively established.
So the wrong card in your computer and any passing drone can read your worst secrets — even if you aren’t linked to the internet.
Fortunately the security patch for this is as simple as a pair of scissors and some duct tape to tape over the LEDs. But next time might be more difficult.