A group of researchers in Germany recently released a newly developed attack technique they dubbed “LaserShark”, which aims a laser beam at a built-in LED to create a 100 kbps outbound and 18.2 kbps inbound connection to otherwise physically isolated systems. The LED in question must be connected to a General Purpose Input/Output (GPIO) pin of the CPU or microcontroller embedded in the target system. So-called “air gapped” systems typically have no external wired or wireless connections and are used to protect critical internal applications. However, a number of supply chain and physical attacks, such as leaving a USB drive as bait, have historically been used successfully to overcome these defenses and compromise such systems. In modern cyberespionage or cyber disruption operations, however, the attacker also needs to maintain contact with malicious code already loaded onto the air gapped system for command and control (C2) or data exfiltration purposes. LaserShark currently relies on such a prior compromise, achieved through a physical or supply chain attack vector, in order to establish the two-way connection via the LED.
Using Microsoft Sentinel to Detect Confluence CVE-2022-26134 Exploitation
By Akshay Rohatgi and Randy Pargman
About this Student Research Project
Binary Defense’s mission is