Press Release 117/2021

IT Security: Computer Attacks with Laser Light

LaserShark: KIT Researchers Demonstrate Hidden Communication into Air-Gapped Computer Systems – Data Transmitted to Light-emitting Diodes of Regular Office Devices
As Data may be transferred via light, security critical systems need optical protection. (Photo: Andrea Fabry, KIT)
As Data may be transferred via light, security critical systems need optical protection. (Photo: Andrea Fabry, KIT)

Computer systems that are physically isolated from the outside world (air-gapped) can still be attacked. This is demonstrated by IT security experts of the Karlsruhe Institute of Technology (KIT) in the LaserShark project. They show that data can be transmitted to light-emitting diodes of regular office devices using a directed laser. With this, attackers can secretly communicate with air-gapped computer systems over distances of several meters. In addition to conventional information and communication technology security, critical IT systems need to be protected optically as well.

Hackers attack computers with lasers. This sounds like a scene from the latest James Bond movie, but it actually is possible in reality. Early December 2021, researchers of KIT, TU Braunschweig, and TU Berlin presented the LaserShark attack at the 37th Annual Computer Security Applications Conference (ACSAC). This research project focuses on hidden communication via optical channels. Computers or networks in critical infrastructures are often physically isolated to prevent external access. “Air-gapping” means that these systems have neither wired nor wireless connections to the outside world. Previous attempts to bypass such protection via electromagnetic, acoustic, or optical channels merely work at short distances or low data rates. Moreover, they frequently allow for data exfiltration only, that is, receiving data. 

Hidden Optical Channel Uses LEDs in Commercially Available Office Devices

The Intelligent System Security Group of KASTEL – Institute of Information Security and Dependability of KIT, in cooperation with researchers from TU Braunschweig and TU Berlin, have now demonstrated a new attack: With a directed laser beam, an adversary can introduce data into air-gapped systems and retrieve data without additional hardware on-side at the attacked device. “This hidden optical communication uses light-emitting diodes already build into office devices, for instance, to display status messages on printers or telephones,” explains Professor Christian Wressnegger, Head of the Intelligent System Security Group of KASTEL. Light-emitting diodes (LEDs) can receiving light, although they are not designed to do so. 

Grafische Darstellung des Lichtweges vom Computer zu den Haushaltsgeräten
Schematic representation of the hidden optical communication channel, via which a physically isolated system may be attacked. (Figure: KASTEL/KIT)

Data Are Transmitted in Both Directions

By directing laser light to already installed LEDs and recording their response, the researchers establish a hidden communication channel over a distance of up to 25 m that can be used bidirectionally (in both directions). It reaches data rates of 18.2 kilobits per second inwards and 100 kilobits per second outwards. This optical attack is possible in commercially available office devices used at companies, universities, and authorities. “The LaserShark project demonstrates how important it is to additionally protect critical IT systems optically next to conventional information and communication technology security measures,” Christian Wressnegger says. 

To foster future research on covert communication channels and bridging the air gap, the researchers publish the program code used in their experiments as well as the raw data of their measurements on the LaserShark project website at:

Original Publication

Niclas Kühnapfel, Stefan Preußler, Maximilian Noppel, Thomas Schneider, Konrad Rieck, and Christian Wressnegger, “LaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped Systems”. Proceedings of the 37th Annual Computer Security Applications Conference (ACSAC). 2021. DOI: 10.1145/3485832.348591 

For the preprint, click: 

Details on KASTEL: 

Details on the KIT Information Center: 

Being “The Research University in the Helmholtz Association”, KIT creates and imparts knowledge for the society and the environment. It is the objective to make significant contributions to the global challenges in the fields of energy, mobility, and information. For this, about 10,000 employees cooperate in a broad range of disciplines in natural sciences, engineering sciences, economics, and the humanities and social sciences. KIT prepares its 22,800 students for responsible tasks in society, industry, and science by offering research-based study programs. Innovation efforts at KIT build a bridge between important scientific findings and their application for the benefit of society, economic prosperity, and the preservation of our natural basis of life. KIT is one of the German universities of excellence.

or, 21.12.2021

Margarete Lehné
Chief Press Officer (acting)
Phone: +49 721 608-41105
Fax: +49 721 608-43658
presse does-not-exist.kit edu

Contact for this press release:

Sandra Wiebe
Press Officer
Phone: +49 721 608-41172
sandra wiebe does-not-exist.kit edu
The photo in the best quality available to us may be requested by
presse does-not-exist.kit edu or phone: +49 721 608-41105.