LaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped Systems

TL;DR

LaserShark introduces a novel laser-based method for bidirectional, high-speed communication with air-gapped systems by exploiting built-in LEDs, enabling data transfer over 25 meters without additional hardware.

Contribution

This work demonstrates the first long-distance, bidirectional covert channel into air-gapped systems using laser illumination of existing LEDs, achieving high data rates.

Findings

Achieves 18.2 kbps inbound and 100 kbps outbound data rates.

Operates effectively over distances up to 25 meters.

Applicable to any device with LEDs at the CPU's GPIO interface.

Abstract

Physical isolation, so called air-gapping, is an effective method for protecting security-critical computers and networks. While it might be possible to introduce malicious code through the supply chain, insider attacks, or social engineering, communicating with the outside world is prevented. Different approaches to breach this essential line of defense have been developed based on electromagnetic, acoustic, and optical communication channels. However, all of these approaches are limited in either data rate or distance, and frequently offer only exfiltration of data. We present a novel approach to infiltrate data to and exfiltrate data from air-gapped systems without any additional hardware on-site. By aiming lasers at already built-in LEDs and recording their response, we are the first to enable a long-distance (25m), bidirectional, and fast (18.2kbps in & 100kbps out) covert communication channel. The approach can be used against any office device that operates LEDs at the CPU's GPIO interface.