Skip to main content

Targeting flatbed scanners could allow hackers to break into secure "air-gapped" computer systems

Infiltration of command to an air-gapped network using a laser installed in a drone via a scanner
Like some geeky, tech-savvy version of the Circle of Life song from The Lion King, there’s a never-ending feedback loop between the ingenuity of hackers and security-minded researchers’ attempts to think one step ahead of them.

The latest example comes courtesy of researchers from the Cyber Security Research Center at Israel’s Ben-Gurion University, who have conceived of a method by which hackers could bypass firewalls and intrusion-detection systems by hacking flatbed scanners using a laser-toting drone.

Recommended Videos

“This work presents a way in which an organization’s scanner can be used as a gateway for the purpose of communication under the radar with previously installed malware, even on isolated networks, with an outside attacker using a laser,” Ben Nassi, a graduate student at the Cyber Security Research Center, who was a co-author on a paper describing the method, told Digital Trends. “In addition, it shows how trying to hide the scanner from the line of sight won’t help because an Internet of Things device that’s located nearby can be hijacked and used as a means to module the command to the scanner.”

Please enable Javascript to view this content

The method is effective from a distance of 900 meters using lasers that can be easily purchased online from places like eBay. Using the technique, the researchers were able to achieve data transmission rates of 25-50 milliseconds per bit. No, that’s not going to match your broadband download speed, but it’s enough to send commands that could control a bot on an isolated “air-gapped” system, meaning one that’s not otherwise connected to the outside world.

The attack does require that malware is first installed on a system somehow, but after that it could be commanded in certain terrifying ways — such as Nassi’s uncomfortable examples of “shutdown system” or “launch missile.”

So if simply moving your flatbed scanner out of line of sight won’t work, what does he suggest as a possible solution? “We suggest you disconnect the scanner from the network and use via a proxy computer that will be monitored by a model that has learned to identify the attack,” he continued. “That way anyone trying to send a message to the organization will be detected and prevented.”

While this may seem extra-cautious, when you’re dealing with computer systems that can potentially cause massive amounts of damage — either by controlling systems we rely on or through the leaking of sensitive data — you really can’t be too careful.

We bet you’ll never look at your innocuous flatbed scanner the same way again!

Luke Dormehl
Former Digital Trends Contributor
I'm a UK-based tech writer covering Cool Tech at Digital Trends. I've also written for Fast Company, Wired, the Guardian…
Hyundai to offer free NACS adapters to its EV customers
hyundai free nacs adapter 64635 hma042 20680c

Hyundai appears to be in a Christmas kind of mood.

The South Korean automaker announced that it will start offering free North American Charging Standard (NACS) adapters in the first quarter of 2025.

Read more
Hyundai Ioniq 5 sets world record for greatest altitude change
hyundai ioniq 5 world record altitude change mk02 detail kv

When the Guinness World Records (GWR) book was launched in 1955, the idea was to compile facts and figures that could finally settle often endless arguments in the U.K.’s many pubs.

It quickly evolved into a yearly compilation of world records, big and small, including last year's largest grilled cheese sandwich in the world.

Read more
Global EV sales expected to rise 30% in 2025, S&P Global says
ev sales up 30 percent 2025 byd sealion 7 1stbanner l

While trade wars, tariffs, and wavering subsidies are very much in the cards for the auto industry in 2025, global sales of electric vehicles (EVs) are still expected to rise substantially next year, according to S&P Global Mobility.

"2025 is shaping up to be ultra-challenging for the auto industry, as key regional demand factors limit demand potential and the new U.S. administration adds fresh uncertainty from day one," says Colin Couchman, executive director of global light vehicle forecasting for S&P Global Mobility.

Read more