Imagine this: a drone hacks an offline computer that hosts extremely sensitive company data.
Yes, offline, as in no connection to the Internet whatsoever. Imagine that it could steal that data in under two minutes. Well, you don’t have to imagine. A cybersecurity research group from Ben-Gurion University of the Negev (BGU) in Israel successfully used a drone to hack an offline computer while in flight.
The researchers from BGU stole sensitive data using a camera equipped drone that launched from the parking lot of the building where the infected computer was. In the middle of the night, they managed to steal the contents of the machine in under two minutes. How? The data was transmitted via a blinking LED light on the computer’s button. The drone hacked the offline computer by decrypting the patterns of its flashing LED.
If this sounds like an impossible feat, it’s not.
And if you think your data is safe, it’s time to reevaluate what cybersecurity data plans you have in place. The team of researchers from BGU hacked an offline computer that was air-gapped. Wondering what the heck “air-gapped” is? It simply refers to a computer that is unplugged from any type of network infrastructure. It is not connected to Internet, and it is not connected to any other machines. It’s isolated and therefore thought (or at least it used to be) as safe and secure.
One of the only ways to hack these types of systems is to infiltrate from the inside using something like USBs to transmit malware directly onto the machines. That means every single one of your employees are a threat. A hacker can pay anyone to access exactly what they need to. And they do. The headline Drone Hacks an Offline Computer is not a fairytale, it’s a very real reality.
So what can you do to protect your data? Starting talking with your tech department to make actionable plans and standards. Limit access to machines that contain sensitive company data via secure doors/rooms. Have strong security standards in place. To ensure that networks are secure, segregate your information on specific networks. Just make sure, for starters, you have a plan in place, and if you don’t, it’s time to start thinking about one now.