Computers previously thought to be safe, because they are not internet connected, can fall victim to having their indicator manipulated so that it flashes thousands of times a second to emit data in morse code, research has found.
A drone flown into the computer’s line of sight could pick up this information at a rate of an A4 page every five seconds.
Britain’s National Cyber Security Centre stressed organisations’ most sensitive data is often stored on computers separated from the internet.
“The lack of a connection protects them from most external attackers, and even if the machine is infected with malware, the data is difficult to exfiltrate,” it added.
But researchers at Ben-Gurion University, Israel, flew a drone outside an office building and received the transmitted information once the computer was compromised, which could be done by a corrupt insider with a USB stick.
Researcher Mordechai Guri said: “The small hard drive indicator LED can be controlled at up to 6,000 blinks per second. We can transmit data in a very fast way at a very long distance.
“The LED is always blinking as it’s doing searching and indexing, so no one suspects, even in the night. It’s very covert.”
The technique could be used to steal some encryption keys within seconds.
The NCSC stressed that this type of attack requires infecting machines with specific malware, and could be mitigated by covering LEDs with opaque tape — or closing window blinds.
Cyber security experts warned that hackers could also mount a bogus wifi access point on to a drone and fly it into an organisation’s complex, where it could impersonate a corporate network.