Skip to main content
  1. Home
  2. Emerging Tech
  3. Computing
  4. Smart Home
  5. News

Targeting flatbed scanners could allow hackers to break into secure "air-gapped" computer systems

Add as a preferred source on Google

Like some geeky, tech-savvy version of the Circle of Life song from The Lion King, there’s a never-ending feedback loop between the ingenuity of hackers and security-minded researchers’ attempts to think one step ahead of them.

The latest example comes courtesy of researchers from the Cyber Security Research Center at Israel’s Ben-Gurion University, who have conceived of a method by which hackers could bypass firewalls and intrusion-detection systems by hacking flatbed scanners using a laser-toting drone.

Recommended Videos

“This work presents a way in which an organization’s scanner can be used as a gateway for the purpose of communication under the radar with previously installed malware, even on isolated networks, with an outside attacker using a laser,” Ben Nassi, a graduate student at the Cyber Security Research Center, who was a co-author on a paper describing the method, told Digital Trends. “In addition, it shows how trying to hide the scanner from the line of sight won’t help because an Internet of Things device that’s located nearby can be hijacked and used as a means to module the command to the scanner.”

The method is effective from a distance of 900 meters using lasers that can be easily purchased online from places like eBay. Using the technique, the researchers were able to achieve data transmission rates of 25-50 milliseconds per bit. No, that’s not going to match your broadband download speed, but it’s enough to send commands that could control a bot on an isolated “air-gapped” system, meaning one that’s not otherwise connected to the outside world.

The attack does require that malware is first installed on a system somehow, but after that it could be commanded in certain terrifying ways — such as Nassi’s uncomfortable examples of “shutdown system” or “launch missile.”

So if simply moving your flatbed scanner out of line of sight won’t work, what does he suggest as a possible solution? “We suggest you disconnect the scanner from the network and use via a proxy computer that will be monitored by a model that has learned to identify the attack,” he continued. “That way anyone trying to send a message to the organization will be detected and prevented.”

While this may seem extra-cautious, when you’re dealing with computer systems that can potentially cause massive amounts of damage — either by controlling systems we rely on or through the leaking of sensitive data — you really can’t be too careful.

We bet you’ll never look at your innocuous flatbed scanner the same way again!

Luke Dormehl
I'm a UK-based tech writer covering Cool Tech at Digital Trends. I've also written for Fast Company, Wired, the Guardian…
Chrome is getting better at understanding the breaks and punctations you never say out loud
Voice typing in Chrome is about to feel much more natural
Google Chrome on Android Featured

Google is quietly making voice dictation in Chrome feel a lot more natural. With the latest Chrome 151 Beta, the company is introducing a new capability that allows the browser's speech recognition engine to automatically infer punctuation based on the way people speak, eliminating the need to explicitly say commands like "comma" or "full stop."

The update may sound minor at first glance, but it addresses one of the biggest frustrations with voice typing: speaking naturally often produces text that lacks punctuation unless users consciously dictate every punctuation mark. By teaching Chrome to understand pauses, rhythm, and speech patterns, Google is taking another step toward making conversations with computers feel more human.

Read more
Horror films play music to warn about danger. These headphones use the same trick to save you from robots
Spherephones replaces factory alarms with music that tells you what is coming and from where.
spherephones-georgia-tech

The ear has always processed what is coming before the eye does. In horror movies, the music always tells you something bad is coming. Now researchers at Georgia Tech are using the same idea in real life to keep factory workers safe around robots.

They have built a wearable headset called Spherephones that converts nearby robot movement into spatial music, giving you a warning before a machine gets too close. It helps the user stay aware without breaking their attention.

Read more
Elon Musk refutes report claiming that an AI device is in development at SpaceX
The billionair's two-word denial on X doesn't explain what part of the Wall Street Journal's report he's disputing.
Elon Musk speaking into a microphone with a blue background

Elon Musk has denied a Wall Street Journal report claiming SpaceX showed investors a prototype AI device before its recent IPO. "Utterly false," Musk wrote on X, responding to a post about the report that has since been deleted, offering no further explanation.

A denial that leaves more questions than it answers

Read more