Infiltrating air-gapped systems by transmitting light to a flatbed scanner

Discussion in 'other security issues & news' started by hawki, Apr 4, 2017.

  1. hawki

    "...Using the light sensitivity of the scanner, they [security researchers] devised several methods to deliver data via a nearby laser, including one on a drone, and even sent from a passing car to a smart bulb within an organisation's environs. Their incursion could be used to launch ransomware attacks.

    The paper, "Oops!...I think I scanned a malware," reveals the opportunities afforded bad actors seeking to exploit the popular devices – everything from sheet-fed scanners, integrated scanners, drum scanners and even portable scanners, all used in offices worldwide to transmit written text and images.

    The trio used light transmitted to a flatbed scanner to infiltrate air-gapped systems. The attack relies on the extraction of malware installed into the organisation, they reported. The method "exploits an organisation's scanner which serves as a gateway to the organisation, in order to establish a covert channel between a malware and an attacker." The attacker, they added, could be at a considerable distance from the targeted scanner..."

    https://www.pcauthority.com.au/News...-transmitting-light-to-a-flatbed-scanner.aspx
     
  2. gorblimey

    "... and one possible antidote – it involves keeping the scanner closed, since light can't be projected on the pane when the scanner is closed ..."

    ¡Expletive! I never thought of that! But that bit about connecting a probe to my CPU has me worried... :gack:
     
  3. RockLobster

    It would be poor opsec that allowed someone to connect peripherals such as copiers and printers to an airgapped machine, especially as so many printer/copiers already had their security compromised by built-in wifi.
    If you want to implement data security, assume all post-2000 technology has been compromised by design.
    Although having said that, it doesn't really matter whether you want to believe it was by design or not, just believe it is compromised.
     