LED Lights: Friend or Foe?
elfdump writes: "In an article (pdf) soon to be published in ACM Transactions on Information and Systems Security, security researchers have discovered that data transmitted through modems and routers can be remotely reconstructed from the equipment's LED status indicators. According to experiments, their light-to-information retrieval method is successful even when the light is captured 'at a considerable distance' from the source. If you want to prevent people from spying on your data, you may want to tape up those blinking LEDs!"
So I should put big, bulky Duck Tape over my beautiful Airport Base Station? No way! Plus, I get poor enough reception in some parts of my own house, never mind my neighbors spying on me. ;-)
I imagine it would need a lot of things to actually monitor my LEDs so I'm not worried. Plus, I like to look at them and I won't let them take that away from me :)
rxvt, suse, vi, solaris, debian, java, c, feel the love. #unix@IRCnet, #gimp & #gnome@GIMPnet
At one time I worked with what I thought was a highly paranoid CIO for a manufacturing company. He had custom-made black plastic covers made for every modem in the modem pool (this was waaaay back) for this very reason.
I tried not to think about it but he was convinced that eventually someone would create technology that would re-construct the data transmission based on those LEDs.
If he's reading this (and he knows who he is), you paranoid sod, damn you for being right. *grin*
My sigs always suck.
...where the main character, in fear of his computer being Van Eck phreaked, redirects output from a decryption program to turn on-and-off his scroll-lock key in morse-code.
--Quidquid latine dictum sit, altum sonatur.
ibm defaced my slashdot page! :'(
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
It makes quite a bit of sense if you think about it. Audiophiles have been using optical output for years (essentially just an LED and a bit of fiber optic cable). What really caught me off guard was the distance they were able to capture the data from. Apparently for some, they found they could capture data from "at least across the street".
Almost makes me wish someone cared enough to spy on me so I could prevent it (Duct tape to the rescue!).
Beez
Monday is a horrible way to spend 1/7 of your life.
Just put a tiny capacitor on your Tx and Rx LEDs.
It's a hoax anyway...
I'm a 2000 man.
The article looks real, but is probably about 5 years too late. I don't know of many people who use external modems. As for routers: the theoretical upper limit is 10Mbs, so my 100Mbps network is safe.
My blog
I knew I should have heeded this warning:
ACHTUNG! Alles touristen und non-technischen peepers!
Das machine control is nicht fur gerfinger-poken und mittengrabben. Oderwise is easy schnappen der springenwerk, blowen fuse, und poppencorken mit spitzensparken.
Der machine is diggen by experten only. Is nicht fur geverken by das dummkopfen. Das rubbernecken sightseenen keepen das cotten picken hands in das pockets, so relaxen und watchen das blinkenlights.
(having not yet read the article) the premise is unlikely since most LED's on front panels are designed to stay on for longer than the actual activity lasts - in order to present useful information. If there was a one-to-one correspondence between the data and the LED - it would usually appear to a human viewer as an always-on-but-dim LED since the blink-on time would be so short.
To put it another way - there's a buffer before the LED.
-a.e.mossberg
even if it did work, wouldn't it be easier to just find some other method of stealing the information? Who the hell would want to sit there and reconstruct the data sent from blinking lights?
.02
Just my worthless
Incandescent lights burn out. LEDs last just about forever (or at least the life of the product).
If you read the article, they implemented this at speeds up to 56k and said the physics should hold up until 10mb. Look up at the light in your bedroom. You would probably say that it's on. But it's really flashing on and off faster than you can see. Same thing with that LED on your modem. When you see one blink it is most likely a lot of blinks faster than your eye can see, but not faster than optical equipment can see.
I'll just put my modem upside down...that way, everything will transmit backwards...
Certainly every man at his best state is but vapor
I know, I've thought the same before reading the entire .pdf... But hey, before saying it's a hoax, go read what you're talking about!
I know it sounds crazy, but it seems to be true!
At least, it's easy to fix this security problem... Where have I put that damn duck tape?
To do this with an LED would require that the LED be actually driven by the data signal. Most of them go on at the start of the packet or byte and go off at the end, they don't go on for 1 and off for 0. So, you might be able to do a little traffic analysis, but you would not be able to recover the data.
Bruce
Bruce Perens.
reconstruct the data from the flashing lights??? whatever. That's so ridiculous it's laughable.
Isn't this how fiber optic cable works? Light pulses traveling down a thin strand of glass to transmit data at high speed over long distances.
I'm not claiming to be an engineer or scientist, but I guess I could see how it might be possible (probably with the same type of fiber-optic reader) to decode some of the information from your LED.
If anyone has more technical info, please post.
Think For Yourself. Question Authority.
Yeah, but then you get some wag at the manufacturer who programs the LEDs to make it seem as if you spend your entire time looking at porn, downloading strange software and sharing your semi-legal files with other geeks.
(Remembers where he's posting)
Never mind!
Maran
Good point. Besides, if this is possible, then why in the world are IR transfers so slow? I want 100mbps transfers from ipaq to ipaq over a blinking LED!
Why aren't we told when editors moderate our posts?
I'm not an electrical engineering expert, so I could have misinterpreted the story. However, as I read it, they claim that for cost saving reasons, the LEDs that just show status are internally electrically connected or at least influenced by the part of the circuit that handles the data flow. In other words, the LED is not showing just generic activity, but is actually showing the bit flow.
I'm not sure I believe them though.
-- Erv Walter
Just hide your hub in a teddy bear, no one will point his eavesdropping device at such an innocent toy, would they?
I intend to live forever, so far so good.
Many LEDs have a response time of around 8 nanoseconds, which means they can blink roughly 12.5 million times a second. Enough to transmit 12.5 Mb/s of data. If you're on a 10Mb network then that's plenty good for the spy. If you're on a 100Mb/s network, the spy is out of luck.
-... ---
When the light is ON, the data is "1"
When the light is off, the data is "0"
I don't need large brains to have a good time.
Sure you can. Don't you know that a 1 is a pulse and a 0 is nothing? The light only flashes on a pulse (1).
The number 50 as it is seen in pulses (| is a positive pulse and _ is no pulse):
||__|_
As seen in an LED (keep in mind that your eye will only see two flashes, if that):
[flash][flash][pause][pause][flash][pause]
And this doesn't happen anywhere near as quickly as the light pulses in fiber optics. Another thing that makes it easy to read is that you only have to read one wavelength. This is like fiber technology from 10 years ago.
One thing the article doesn't mention is that many of the hubs/switches/routers out there don't actually pulse for every byte, just when a packet goes over the line. I think they will all quickly start flashing only for packets now, not bytes.
My $0.02 will always be worth more than your €0.02, so
I would have to agree with you on this one. Even if the router were only serving a 1.5Mbit T1, that's still 1.5 million bits per second. I have a hard time believing that an LED can blink fast enough to reliably recreate that data.
"The guide is definitive, reality is frequently inaccurate."
...let alone OC-x, would be like trying to drink from a fire hose :)
Besides, if LEDs would blink so well that you can reconstruct the signal with consumer-grade equipment, wouldn't we all be using optical networks by now?!
If you looked at the article you would know that they claimed the information was subtly encoded into the light. The light may be on anytime there is a transmission, but the intensity varies slightly whether there is a 1 or a 0. That's what the article claims anyway, and I'm pretty sure it would depend on the specific hardware.
-- Adam
It really can be done.
For example, in high school, I attached an LED to the output of a radio or microphone (can't remember which) and then aimed it at a solar cell attached to the input of a speaker. And it worked! I'm not sure if the quality was good enough to capture a modem signal, but it was certainly a poor-man's wireless speaker.
If the spy has more sensitive equipment, and if the LED on a modem really is tied to the phone line, then there should be nothing stopping the spy from capturing the transmission and decoding it later.
Healthcare article at Kuro5hin
"+1, informative"? Heh, mods are on crack again.
Have a look into a Toslink digital audio connector some time. It's using a plain old LED to transmit information. It looks to the naked eye like it's on solid, there's no flicker whatsoever. What would you "think" if you saw that? Your gut reaction is totally off base here.
I don't think we have too much to worry about here. They have proved it to work (supposedly, no evidence) on 56kbps. Most results are for 14.4kbps or less. This is for modems - generally they have TD/RD lights which are direct indications of the RS232 lines, so show data.
NICs, routers, switches, and hubs, tend to slow down the light flashes, or flash to packets, rather than bits. It makes it far easier to see what is going on. An LED would have difficulty keeping up with the high data rates as well (as well as any driver circuits).
It could be possible on a switch that has activity lights for all the network to ascertain which ones have most traffic, and hence gateways/DNS servers, but these things are generally found out in much easier ways.
It seems as if most of the posts before this are from people who didn't read the article, and are claiming it can't be true. RTFA.
For modifying someone's unsubstantiated "hunch" as informative.
I've seen my lights blink, and I don't think that there's any way
Yes, and I've looked on a CD and I just don't see any data on it.
Here's a paper by the amazing Markus Kuhn (who has done many other brilliant security hacks besides this) showing how CRT display contents can be reconstructed from the light given off by the screen, even when the light is reflected diffusely off a wall. It makes me glad I use an LCD monitor.
I wonder where I can get an LED mod that fakes my downloading of the DMV's database. It'll be cool when they take my HDD and hoard my pr0n instead.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
You should be in the Guinness book of world records. You apparently have the ability to see lights blinking or modulating at rates in excess of 100 Hz.
Going to the movies must be pretty tough on you. Watching all that blank time between frames must be pretty nerve-racking. I can't even imagine how terrible television appears to you.
If you read the paper, it is based on some pretty coherent testing and past work by others. I think there would be some peer review before publication of an article. But since you have weighed in with your amazing visual prowess, they should just toss out the guy's work.
When I first started in networking I was assigned to test some FDDI gear, which in 1995 used LEDs to send data down a fiber at 100 Mb/s. Now there is a limit to how fast an LED can blink, but we know how to design them for 100 Mb/s. I don't think we can do 1Gb/s with an LED though, at least all the gigabit stuff I work with today is lasers (much of it was back then too, but an LED is much cheaper than a laser so for short distances we used the LEDs).
If we could make LEDs work then, I'm sure today we can too, though having all the light guided to the destination by a fiber makes it much easier than reading the diffuse light from a modem LED which might or might not actually flash to indicate data. I know of some routers that appeared to have tied the ethernet activity light to the datastream, and others where it was just on. Some hubs seem to do this too.
Not necessarily BS, though it depends on the way the hardware is made. A very simple way (engineering-wise) to implement an indicator LED on a cable modem would be as follows: Whenever the modem is receiving a "1" bit, turn the LED on, otherwise, turn the LED off. Being a type of diode, LEDs are capable of extremely high switching rates (remote controls generally use infrared LEDs pulsed at 56 kHz to transmit data. They can actually switch much faster). Hence, for each packet received, the LED would actually blink dozens of times. To a person, this looks like just a single blink, but a high-speed photodetector would be able to measure the length of each pulse, and use that information to reconstruct the data that was received.
Of course, all this relies on the construction of the modem. Using a slightly less naive algorithm (when a packet arrives, turn the LED on for 1 ms and then shut it off) would defeat this unique kind of sniffing. Still, after staring at my lan hub for a few minutes, I'm wondering if it uses the former technique for flashing the light...
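An added simulation (not from the paper or from any poster in this thread) of the two indicator designs the comment above contrasts: an LED wired straight to an 8N1 serial data line, and an activity LED with a fixed hold time of about 1 ms at 9600 bps. The oversampling rate, light levels, LED polarity and sample message are constructed assumptions.

```python
# Model of what a photodetector sees from two indicator-LED designs.
# All constants below are constructed for the illustration.
SAMPLES_PER_BIT = 8          # assumed detector oversampling per bit time
STRETCH_BITS = 10            # hold time of the activity LED (~1 ms at 9600 bps)
AMBIENT, LED_ON = 0.2, 1.0   # light levels in arbitrary units


def line_bits(data, gap_bits=3):
    """Logic levels of an 8N1 serial line: idle 1, start 0, LSB first, stop 1."""
    bits = [1] * gap_bits
    for byte in data:
        bits += [0] + [(byte >> i) & 1 for i in range(8)] + [1]
        bits += [1] * gap_bits
    return bits


def direct_led(bits):
    """LED wired to the data line: lit for every 0 bit (polarity is assumed)."""
    return [AMBIENT + LED_ON * (1 - b)
            for b in bits for _ in range(SAMPLES_PER_BIT)]


def stretched_led(bits):
    """Activity LED: any 0 on the line (re)triggers a fixed hold time."""
    hold = STRETCH_BITS * SAMPLES_PER_BIT
    out, remaining = [], 0
    for b in bits:
        for _ in range(SAMPLES_PER_BIT):
            if b == 0:
                remaining = hold
            out.append(AMBIENT + (LED_ON if remaining > 0 else 0.0))
            remaining = max(0, remaining - 1)
    return out


def _lit(samples):
    """Threshold the trace halfway between its darkest and brightest sample."""
    threshold = (min(samples) + max(samples)) / 2
    return [s > threshold for s in samples]


def decode(samples):
    """Try to read 8N1 frames from light samples.

    Returns (recovered_bytes, framing_errors). A frame whose stop bit is
    missing is counted as an error and contributes no data.
    """
    lit = _lit(samples)
    out, errors, i = bytearray(), 0, 1
    while i < len(lit):
        if lit[i] and not lit[i - 1]:                 # dark -> lit: start bit
            centre = i + SAMPLES_PER_BIT // 2
            picks = [centre + k * SAMPLES_PER_BIT for k in range(10)]
            if picks[-1] >= len(lit):
                break
            levels = [0 if lit[p] else 1 for p in picks]   # lit means line at 0
            if levels[9] == 1:                        # stop bit present
                out.append(sum(bit << n for n, bit in enumerate(levels[1:9])))
            else:
                errors += 1
            i = picks[-1] + 1
        else:
            i += 1
    return bytes(out), errors


def burst_count(samples):
    """Number of dark -> lit transitions: all an activity LED still reveals."""
    lit = _lit(samples)
    return sum(1 for a, b in zip(lit, lit[1:]) if b and not a)


if __name__ == "__main__":
    message = b"login: alice"                         # constructed sample data
    line = line_bits(message)
    print("direct LED   :", decode(direct_led(line)))
    print("stretched LED:", decode(stretched_led(line)))
    two_bursts = line_bits(b"ab") + [1] * 40 + line_bits(b"cd")
    print("bursts seen  :", burst_count(stretched_led(two_bursts)))
```

With the hold time in place the trace still shows when traffic happens, which is the traffic-analysis residue several posters mention, but the framing check fails and no payload bytes come out.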
After that, good luck doing the packet reconstruction, parse the IP tunnelling, determine what protocol I'm using, and separating signals from my browser, FTP client, weather ticker, httpd, apt-get and realplayer streaming all running at the same time.
This is a PHYSICAL encoding, not something cooked up by them. It's used in a variety of devices. Look it up.
There are other schemes, including non-return-to-zero inverted, and non-return-to-zero space. However these two encoding schemes do not work with absolute values, only transitions from one value to another (ie. from one to zero, or zero to one). There is also Return-to-zero and biphase encoding schemes as well, which attempt to correct problems found in the non-return-to-* schemes. However, NRZ-L is the most simple form of encoding, IIRC.
Right, but wasn't this radio signal analogue? With all the equipment I've had, a light blinks when you send data, and a light blinks when you receive data. Now, an LED has a fast response..really fast...one reply to my original post said 8 uSeconds or something. That's pretty feasible, but even if it would blink for every packet you received, or even every byte, you still wouldn't know the contents of the bits, or whether it's a one or a zero. I'm still calling BS.
Check out my sysadmin blog!
If you're on a 100Mb/s network, the spy is out of luck.
Maybe not. There is quite a bit of redundancy in most network protocols (predictable headers, checksums, etc) as well as in most languages. It might be possible for the spy to squeeze more data out of the signal.
-... ---
Hmm - April 1st isn't that far off now - maybe this is being prepared to be published then...
-- Pete.
Monochrome - Probably the UK's largest internet BBS
I just typed "led diode response time" at google. The first link is
here.
-... ---
Actually, I think they all _are_ indicating something other than data. Somewhere around when we went from 300/300 baud modems, most manufacturers changed to indicate traffic activity rather than data, because it became hard to see low-level traffic. You can probably try pinging with different packet sizes over your equipment, or transmitting files with different content, for example all 1's or all 0's, and see if there is a marked difference in the reactions of the leds.
On the equipment I have, it's easy to compare the intensity of full-on leds with the transmission indication leds. If the actual data traffic was indicated on the leds, they'd have different intensity, due to them being only half-on. There is no difference in intensity, so the pulses likely indicate something else, with a delay-switchoff time.
But then I remembered my Digital Electronics class in college where we ran square waves at high frequencies through LEDs... seeing the light seem to fix itself on "on" past any respectable Hertz, I mentioned to the professor "so its power-on time must be shorter than its power-off." His response was "...well, or your eyes just aren't good enough to see that fast." He was right: LEDs aren't like incandescent lights, they can turn on and off very, very fast.
I had just never thought of the little RD/SD lights as transmitting any information, under the refresh rate of my eye. If you'd asked me I would have assumed the manufacturers would have considered this and put a delay into the power-on/power-off times of their LEDs, even one millisecond would do fine.
But many of them didn't. And nobody thought to check until these guys decided to write their paper.
You didn't actually read the paper, did you? It turns out that the LEDs on modems actually do indicate the data pattern. Most modems have "Class III" LED emanations (i.e. "strongly correlated with the content of data being transmitted"). Most LAN and WAN equipment does not have Class III optical emissions, with the exception of an LED on the back panel of certain CISCO routers (page 11). See the table on page 10 of the paper.
In fact, they reconstruct actual data from actual modems over various distances ranging from 5 metres to 30 metres. They believe that, given the right optics, this could be done over several hundred metres.
They also found that the Paradyne Infolock 2811-11 DES encryptor has an LED on the plaintext data.
And they have a great appendix on using keyboard LEDs as a high-bandwidth covert channel, with the obligatory reference to Cryptonomicon.
Good lord.
psmylie's dictionary: Godzillion (noun) Any number large enough to destroy Tokyo
If it's incandescent, it is on.
Unless you believe that tungsten element flips between cold and white hot with every half sine wave.
Fluorescents are a different story.
From the paper:
/*
// sl.c -- a covert channel using the Caps Lock LED.
//
// For Solaris 2.x on SPARC; compile with ${CC} sl.c -lposix4
*/
*THAT* is cool. Bundle it w/ a screensaver that makes the other two lights blink randomly and you're set!
Office dweeb: "Look at this neat screensaver, it makes my keyboard lights blink! Wheee!"
Uber-Geek: *jots down keystroke log from caps-lock LED* 47-46-58-82-85-76-69-83......
I'm a 2000 man.
Over time, you notice that people that read and post on Slashdot are extremely misinformed, narrow minded, and self centred.
There are at least 50 posts now on this story claiming it is a hoax. It's clear from many of these that few have actually read the synopsis at the top of the paper, never mind the rest of it.
It is not talking about 10Mbps communications. It is talking about lower data rate comms, like modems, serial lines, and the like.
It does work, only on a small amount of devices. It is short range. This doesn't make it a hoax.
TEMPEST is at a stage where it is hard to perform - we're talking government/big company level to manage anything impressive or useful. Take a look at this tempest radio site. Neat, but not very useful.
If you have no idea what you are talking about or don't have anything useful to add, keep quiet. Is it just so you can get your karmas up???
Read the .pdf linked from the article. Pay attention to the top of page 2. As the paper states, "[a] high correlation is evident." (the example is evidently a TXD or RXD activity LED on a 9600 bps modem) Whether or not a piece of equipment is built to leak information in this manner is a secondary consideration. The fact remains that some equipment does leak info through status LEDs.
Mail? Put "slashdot" in the subject to pass the spam filters.
OK, that MAY be the case (I don't think it is, but could be), but it's not really likely that the equipment that will record light flashing at this rate is common, and as many people have said there are better ways to get the data. Oh well
Check out my sysadmin blog!
It's surprising that you can actually construct a real data signal from the LED flashes - I thought that an LED would be too slow to respond to a rapidly changing signal so it would just be half-on all the time. But on page 2 of the report they show an LED emitting light that allows you to perfectly reconstruct a 9600b/s signal. I guess LEDs are rather different from lights based on resistors getting hot; they don't need time to warm up or cool down.
This sounds like a dirt-cheap way to construct wireless links, with no risk to human health (unlike lasers). An LED taped to one window and a $29 webcam in the building opposite could get speeds approaching those of a modem, if you designed a protocol specifically for this purpose. The authors of this paper managed to reconstruct data even without a specially-designed protocol.
A bank of say 1000 LEDs, with a zoom lens at the other end to make sure each one is distinguishable, could transmit *at least* 9.6Mb/s, ie more than a megabyte per second. You could do this by taping a pair of binoculars to your webcam.
-- Ed Avis ed@membled.com
The responses to this article seem to all question the switching speed of LEDs. Even the least expensive LEDs are capable of at least 100kHz operation, with many, many, common LEDs capable of operating at several MHz. Remember, most of the fiber-based transceivers use LEDs, not laser diodes. I've used LED-based 3com equipment over a 2 km 62.5/125 um MM fiber link without trouble. These LEDs (not IR LEDs) were easily able to handle 10 Mbps.
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
Either they take away our blinkey lights and shiney objects
or
Electrical tape to cover up said blinkey lights will be labeled as a circumvention device under the DMCA, so we'll be forced to look at the lights (ooooohhh, blinkey).
(Which is a bad thing because the electrical tape is the only thing holding my 1950's style fins on my tinfoil hat.)
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
Be sure to use a low capacitance diode to pick up the light. An old large aperture 35mm camera lens focused on a diode array from a compact disk player detector is a great source of a high speed photodiode. It can provide great bandwidth at a long range. Larger photodiodes have larger capacitance and do not carry enough current in the short amount of time to capture high data rates. A large aperture telephoto camera lens has the necessary gain to drive high enough light current to provide high speed detection. Alignment and focus are critical for good signal to noise ratio. Any hardware types want to try it? I have and used a scope to check the current waveform. Many pieces of equipment do tie the indicator lights to the signal and do reveal the data. Other equipment has an activity light (ethernet cards as prime example) because the average data traffic is too low of a duty cycle to provide useful illumination for an indicator light.
The truth shall set you free!
I can backup the whole network by videotaping the front panel of our switch.
.
Let's not stir that bag of worms...
I guess I should have been more clear in my original post. If it's incandescent and runs on a DC current it is in fact on. If it runs on an AC current (as almost all do) it is oscillating between on and off very fast. The filament never actually gets dark but it does dim and brighten with each oscillation.
...around 3rd or 4th grade (around 1970-1971 timeframe --yep I'm a genuine "Olde Pharte" who reads /. :), I once built an electronic kit from Radio Shack that transmitted voice, one direction only, from an LED to a phototransistor. LEDs were fairly new devices back then, at least for the average joe to get his hands on them. Military electronics and high dollar commercial electronics had them for a while. Anyway, back to the LED "wireless" voice xmitter, it actually had a pretty good range, about 20 feet or so, but the audio quality was extremely poor, only good for voice, not music. There were no IC chips in the kit either, everything was individual transistors.
Right.. Seems that on MODEMS (not LANs) the 'on' of the LED is a baud transition, not a bit marker. Granted, so easy enough to decode Huffman encoding that even silicon can do it, but still.. I just don't buy this as a serious means of breaching security. It's novel, and it even might work at very low thruput rates, but when you're dealing with fast data rates, the response of the LED will mangle whatever pattern it is trying to represent..
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
They're not stating that ALL LED's exhibit this behavior, just some lower bandwidth ones.
Although I still highly doubt that any useful information would be gleaned from me looking in my neighbor's window and counting pulses from his MODEM LED while he's browsing the internet, a spy agency could very well have the technology to figure out how to do this if the particular device is known to have this problem (or "feature", whatever...)
Read, people, read. That's what the paper is there for you to do, not to just hear the title and claim it's impossible.
Kuhn did not invent this technique, I read about this being doable in Popular Science in the mid-to-late 80's. It's called 'van Eck phreaking' after Wim van Eck, its discoverer. As I recall from that long-ago article, he sat in an equipped van parked outside a building, tuned in on a CRT that was inside the building, and read the contents of that screen right off his. I think I was about 12 or 13 at the time, and this was the coolest thing I had ever heard of-- in fact, it made such an impression on me that "kinda like van Eck" was the first thought that crossed my mind when I read the posting on here.
Here's some info about the van Eck phreaking method.
~Philly
You are forgetting that most of these LEDs are on the other side of a very small capacitor. Many hardware manufacturers chose this to fix the problem of dim LEDs because it was a cheap and dirty patch which was easier and cheaper than changing the chip design or redoing the whole circuit. The light shifts in intensity during the pulse but so slightly that the human eye cannot detect it.
The capacitor chosen is carefully chosen to be only strong enough to keep the LED from going dim between byte pulses, but the pause between packets is sufficient to let the LED go dim.
Look at a spectrum analysis of a couple of the LEDs and you will see that I am right.
Really people, just 'cause you can't see it doesn't mean it doesn't happen.
Even Linksys, the most popular routers/hubs/switches out there, pulses on bytes not on packets.
My $0.02 will always be worth more than your €0.02, so
Then be amazed. To your eyes it's a blur but not to a photo transistor or similar. Both the LED and the receiver are easily capable of these frequencies and as mentioned in the article 10MHz is not a problem. A good example where this technique is used deliberately is on TV remotes. OK the data rate is low (10kb/s??) but the parts used are very low tech.
You see that big white thing hanging from the ceiling that wonderfully lights up the room? Is that a steady light or pulsed? The 50Hz (or 60Hz for you yanks) supply causes filament bulbs to pulse at 100Hz (120Hz) and is very obvious if you have the right sensor to pick it up. (Your eyes are not the right sensor.) Fluorescent lights are even better and are completely dark for quite a proportion of their on time.
The best bit is at the end of the pdf. A slight modification to somebody's keyboard will cause the scroll lock LED to output details of every last keypress you make. Encryption does not matter if you have access to the plain text...
Time to get our paranoid hats on....
wot no sig
On projection, a light would be shone through this track onto a photosensitive plate (hell it could've even been a solar cell of some sort). This would generate an electrical signal that, when amplified, created the sound for the film.
I'm old enough to remember seeing some of these films in the theater. Sometimes the film would get misaligned in the projector and you'd be able to see this track. Looked like a buzzing string turned sideways.
This is also why when you see an old film that's been spliced you see the cut before you hear the "pop" in the soundtrack. The sound is read in a different part of the projector, "downstream" of the image.
AMCGLTD.COM. Where cats, science fictio
of "-1 Didn't Bother To Read The Article". The number of people in this thread who posted and clearly did not read the article is astounding. We need some way of making everybody actually read the article and then start the thread over again. Sheesh.
....To do this with an LED would require that the LED be actually driven by the data signal. Most of them go on at the start of the packet or byte and go off at the end, they don't go on for 1 and off for 0. So, you might be able to do a little traffic analysis, but you would not be able to recover the data.
True for some devices but not others. Please read the article. It's quite clear about where this does and does not work.
reminds me of Cryptonomicon.
Yeah, that's probably why Cryptonomicon is one of the references in the article!
The LED's don't indicate the data pattern, just the transmission pattern..
It depends on the equipment. Many older serial devices do indicate the data.
I call BS on this one... (Score:2, Informative)
Uh, OK. Try reading the article. And who modded this up?
Tempest (Score:4, Informative)
Yeah Right (Score:3, Interesting) After that, good luck doing the packet reconstruction, parse the IP tunnelling, determine what protocol I'm using, and separating signals from my browser, FTP client, weather ticker, httpd, apt-get and realplayer streaming all running at the same time.
OK. Maybe you read the article. But this is just silly. Any good packet analyzer like Ethereal will do all this.
Anyways, this is complete FUD. You cannot pick out binary packet data from transmit/receive status lights.
OK. Try reading the article next time.
The light blinks ON when data is going, OFF when it's not. Might make a nice indication of when there is data, but not what that data was.
Once again. Read the article. Some things work this way. Some don't.
I would have to agree with you on this one. Even if the router were only serving a 1.5Mbit T1, that's still 1.5 million bits per second. I have a hard time believing that an LED can blink fast enough to reliably recreate that data.
Read the article. Your T1 CSU/DSU probably isn't going to drive the LED at 1MHz or more but the LED is quite capable of switching at up to 10MHz.
That's pretty feasible, but even if it would blink for every packet you received, or even every byte, you still wouldn't know the contents of the bits, or whether it's a one or a zero. I'm still calling BS.
Read the article.
Another vote for "Bullsh*t". I'm pretty certain that the LED doesn't blink for *every* single bit. And what about compression techniques that use phase and so on? You are not actually putting just ones and zeros onto the wire you know.
Read the article. The external modems which are vulnerable are transmitting data from the RS-232 side of the modem which has very simple encoding. This is clearly explained in the article.
Wow. We get a nice, well written article with lots of specifics and details about exactly which devices were tested and which leak information, all the way to including comparative graphs of received optical signals, and people call BS on it? I suggest the folks making "tin foil hat" jokes invest in a different type of head gear: reading glasses!
I've glanced at the article, and it seems like a lot of hot air: lots and LOTS of background and diagrams on LED technology, but relatively little detail on how LEDs could betray the data stream in current, modern equipment. Most current data transmissions around a PC occur in heavily encoded form (usually amplitude AND phase modulation). So there is no cable (other than the serial port cable) that you could just splice an LED into and simply read the data stream out. You would have to inject the LED somewhere into the device electronics where the data stream bits are flowing in decoded, truly serial fashion. Why bother, if from a firmware perspective it's much easier to toggle an LED control bit on at the start of a logical data group (packet or whatever), and off when you're done processing it?
Wouldn't matter if you can't tell 1's from 0's. If the data retrieved doesn't make sense, just ROTT1 it. :)
~REZ~ #43301. Who'd fake being me anyway?
Yes, it's called "Fiber Optic" and there are a few companies pursuing the technology right now. I tell you this "Fiber Optic" thing is going to be big if they can ever get those "little blinky lights" going fast enough *smirk*
RTFA and they explain the following among other things:
It only worked on 36% of the subjects tested
The ANP Model 100 short-haul modem, Hayes Smartmodem OPTIMA 9600 and 14400, and a Practical Peripherals PM14400FXMT fax modem were all examined.
There are tons of these old "standards" still running in the real world. Well above your 300 baud assumption
*MUST RESIST URGE TO FLAME...*
---"What did I say that sounded like 'Tell me about your day?'"---
...of my long-gone phreaking and phrauding days. Here in .de it was still safe to bluebox and card calls because the entire was analog at that time and tracing had to be done by hand - certainly not something the German telco would do on a regular basis if only fraud was the crime. Well, I used to know some guy who was a security risk in that matter - before dialing someone or using a card with him in 3way, you had to kick him out or something - he could just recognize DTMF tones with his ears. Prolly not as sophisticated as a LED-to-bitstream hack but it still jumps up in my brain while reading this.
+++ath0
First they take away my command line and replace it with windoze. Then they take away my sexy jet-engine-spin-up sounding RLL and MFM hard drives. And now no blinky lights?!
Sure, I can leave behind the days where troubleshooting Ethernet required a resistance meter, and when you could hear the memory counting up, and when a goddammed power switch was a goddammed power switch, but now I have to give up blinky lights? What is the world coming to where a computer geek can't proudly behold his array of blinky lights!?
Where's the joy? These evil led sniffing bastards simply must be stopped, that's all there is to it. I'll 3DES the signal going to the LEDs before I resort to covering my beloved LEDs. Duck tape be damned.
An appropriate value will slow down the transitions enough without interfering with the fascination of staring at a blinking light. That means it's working, you know?
+5:offtopic,but anti-American
This really shows that you cannot be paranoid enough. That's it, I am ordering my tinfoil hat today.
Seriously, who would've thought about this? Certainly not me. I'd never thought that an LED might actually represent the state - I merely figured it's activity in general.
An 8 nanosecond pulse is therefore 125 Megahertz (1 Gigahertz divided by 8). So the theoretical limit is 125 Mb/s, not 12.5.
"/. needs a RTFA mod"
The sad thing is that typically the most read early posts are the least informed due to the fact that they skipped the actual step of checking the source first
---"What did I say that sounded like 'Tell me about your day?'"---
Actually, now that I think of it, that must have been what all those big clunky lights were on ST:TOS. Networking of the future!
Free unix account: freeshell.org
The human eye can differentiate individual pulses at up to 45-55 hz (depends on the person.) After that the LED will appear to be solid. After that, increased speed will only make the light appear slightly brighter until about 70 hz or so, at which point your eye won't be able to discern any difference. So looking at the lights is pretty much pointless.
Keep in mind that this does NOT mean that impulses above 45-55 hz will appear unchanged as frequency increases. Images will simply blend together. This is why you see an increase in quality at high frame rates in quake.
-- Minds are like parachutes... they work best when open.
Now you don't even need to waste your own bandwidth downloading your pr0n. You can just aim your little LED detector at your neighbor's LED's and get his pr0n.
As the article states - TEMPEST technology has been around for quite awhile. TEMPEST technology is MUCH HARDER than what this research attempted - thus his experiment is much easier (note please that he states that it does not work on ALL equipment - only equipment where the LED's are tied to the traffic in a certain way).
But to put TEMPEST in perspective for you - just to see how easy it is... all you need for simple tempest is a RF receiver and an old black and white TV with the cover ripped off. A few connections and you simply aim the receiver at a wall where you know on the other side is a computer monitor. Next - you play SYNC by hand tweaking the vertical sync of the TV until what is on the computer monitor behind the wall - is now also on your TV. Note that in order for this to work - the TV you are using should be capable (by tweaking) of reaching scan resolutions of the monitor you're trying to view.
Similar techniques are also used to reverse CPU running instruction sets by listening to the RF generated by the CPU. Extremely complex algorithms can take the RF and reconvert it back to original instruction set.
This is also similar to what all of us older programmers used to do years ago with AM radios. To tell if our computers crashed, or were looping forever - or were in some other state - we would tune our AM radios until we could hear the individual instructions (old computers were slow enough that their instruction clock speed was in the AM range). You could actually hear loops, xor's etc.. - each would produce a different *tone* that you could learn to recognize after experimenting.
The only difference between TEMPEST and the old AM RADIO trick is that computers are now much much faster - and their clock speeds produce radiation near the microwave range (which is why you can't use AM/FM radios anymore to do the trick).
So yes... it is no surprise to me that the same info can be taken from the status LED's on much of the equipment.
BTW... even though TEMPEST capabilities of our government are considered classified - you can still find quite a bit of info on it - on the net. Mainly because government computer centers are supposed to be TEMPEST certified (e.g., can't be spied upon in this way) -- thus there are a number of companies out there who manufacture TEMPEST safe rooms and equipment, etc... their info is available on the net.
You didn't read the article. If you had read the article you would know that you are describing what the authors call a Class II device.
The authors also describe Class III devices which do blink along with the data stream (if you RTA you'll even know why) these include TD and RD lights on modems and routers.
They also point out that the information given off by Class II devices can be useful for traffic analysis and covert channels.
But you knew that, right?
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
In "only two" Cisco routers that happens to have been two of the most popular routers on the market for years for mid- to large sized networks...
I recall hearing that bird's eyes work at very high frequencies, does that mean our houses are blinking like Christmas trees to them? That's an interesting thought =]
What?
better just break the LED, never know if any of that light is still getting around your duct tape.
What?
Down 6db at 20hz. It'll still blink prettily, but no data.
http://www.angelfire.com/ca3/marlowe Better a smartass than a dumbass.
Apparently you are wrong: Lots of HW manufacturers are stupid enough to flash a LED every time a bit passes, and for some of the equipment the only reason they appeared not to was that they extended the on phase to make it easier to see (a documented "feature" with no mention of security being the reason for a commonly used chip used by some of the equipment they tested).
As for bandwidth, they achieved 56kbps, and estimated a theoretical limit of 10Mbps for typical LEDs.
Why don't you read the article before complaining?
Do any of you EEE's out there know the switching speed of most el'cheapo LEDs?
It seems to me, in order to get a pattern off any LED it'd hafta switch intensities VERY fast.
100 million times per second on a 100mbps network... or even 56 thousand per second on modems. That, to me, seems extremely fast for the cheap LEDs that would be put into an indicator light. Maybe not, but in my own personal experience I tried building a 'strobe' out of Radio Shack LEDs.. it didn't work very well because once I got to a speed applicable for a strobe, it was just a blur of light.. no definite switching
There are two ways to put in an LED to show when a device is transmitting or receiving. One is to tie it to the transmit or receive enable/detect signal, IF there is any. The other is to tie it to the data line. In that case, the LED may be blinking right along with the data, although too fast for the human eye to see. It looks like it is on continually, but the signal could be recovered with a fast enough detector. This depends on the LED turn-on/turn-off time; if it's 8 nS (pretty common), a 56K modem would be easy to pick up. ADSL or cable modems at a few MHZ would be sending out a clear signal; I'm not sure if there are cheap optical detectors that will work at those speeds, but there are expensive ones that go into the gigahertz. 10MHz ethernet signals would be "blurry" but with a good detector, a fast ADC, and some signal processing you could recover them. With 100MHZ ethernet, no data could be recovered.
But before you can do any of that, you have to be able to _see_ the blinking lights. If someone can get into your wiring closet and focus an optical detector on your hub, it would be a heck of a lot simpler to just connect the network sniffer by cable. The real hazard is if the blinking lights are pointed out the window -- that's an unusual location for a network hub, switch, router, or server, but it's quite likely your business has some desktop computers with the back towards a window and the LED's for the NIC and modem cards visible from outside, so a telescope in a van parked across the street could, in theory, extract the data. For instance the receptionist's computer is probably oriented this way; it probably isn't worthwhile for someone to go to this much trouble to find out what a receptionist is up to, but if the NIC is showing data flowing to and from other machines on a shared network cable, better stick on a bit of electrical tape...
Your eyes can't discern discrete changes past, say, 24 Hz (movie frame rate). Data is modulated in the LED in pulses that match the data rate. So to your eye, it appears to be solidly on. To a sensitive solid-state photoreceptor, the changes are discernible (according to the article, at rates up to 10 Mb/s).
Frankly, I'm amazed this wasn't determined to be a problem a long time ago. This is indeed a tangible risk, you naysayers. Passively sniffing a box is a much more subtle way of eavesdropping than cracking open the box or plugging in a new MAC. That flashy data center with the big wire-mesh windows and cipher lock might want to think about some opaque-ish drapes.
Some newer, energy-efficient fluorescents operate at frequencies >60Hz, and have long-decay phosphor coatings effectively eliminating the "on-off" effect.
(A fluorescent lamp operates by an electric arc which vaporizes and excites mercury in an otherwise near-vacuum; the mercury gas emits light in the ultraviolet spectrum. The ultraviolet light excites a fluorescent coating which in turn emits light in the visible spectrum. Different colors of fluorescent lamps are made by introducing different materials into the fluorescent coating.)
LED's, on the other hand, lacking a fluorescent material, have very steep attack and decay slopes, allowing them to respond (flicker) at very high rates.
P.S. -- "Fluorescent" means to become excited by light in one spectrum and emit it in another spectrum. A more precise word would probably be "photoluminescent." Neon and LED's are types of "electroluminescent" lamps -- light is emitted when the material is excited by electricity. Incandescent is "thermoluminescent" -- light is emitted when the material becomes thermally excited (hot). A fluorescent lamp is a combination of electroluminescent and photoluminescent technologies.
P.P.S. -- I like to make up big words. It makes me sound smart.
Give me my freedom, and I'll take care of my own security, thank you.
if it runs on an ac current (as almost all do) it is oscillating between on and off very fast.
This guy gets a +1, Informative for being wrong?
Here's how incandescent lights work, just so you know - current flows through a filament, which undergoes resistive heating to the point that it glows, white-hot. Sure, AC current reverses flow through the coil n times/second (depending on where you live), but if you think that the coil significantly cools n times/sec in between cycles, then I suggest you read up on heat capacities. Something tells me that the time it takes for a tungsten coil glowing at several thousand K to cool to a few hundred K takes longer than 1/60th of a second. Just watch a bulb when you turn it off, if you don't believe me: flip the switch, and the bulb in my office glows red for perhaps half a second. The "dimming and brightening" you speak of may well be occurring, but certainly not noticeable to the human eye, certainly not when compared to the radical flicker produced by a fluorescent light.
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
The telephone line is analog, also. I don't know how modems are designed, however, so the LED could flash either the analog signal of the phone line or the packet-by-packet flash like that on a network hub. Which type of signal goes to the LED is probably a design decision made by the modem company.
Healthcare article at Kuro5hin
As a kid, I had one of those Radio Shack electronics kits (the ones with the spring terminals that you wired together). One of the circuits hooked a photocell into an audio amplifier. IIRC, you could hear a slight hum from incandescent lighting...and this wouldn't have been a particularly sophisticated circuit. (The kit had four transistors of different types and an analog IC; this circuit probably used only one or two transistors, the photocell, and some passive components.)
20 January 2017: the End of an Error.
1) Remove tinfoil from head. This will allow the FBI to read your thoughts and aliens to control your thinking, but this is LED SECURITY!!
2) Place tinfoil over LED (a) at a 45-degree angle reflecting the light towards LED(b). Poke a hole in the tinfoil to allow some light through.
3) Take tinfoil and make covering/receiving/reflecting receptor on LED(b).
When LED(a) lights, any scanning devices will be mercilessly confused by the colighting of LED(b). The secret bat equipment will be useless!
4) Make sure you put tinfoil back on head.
Uh, try the Jargon File entry for blinkenlights.
www.timcoleman.com is a total waste of your time. Never go there.
So, any bets as to how long it takes for something like this to appear on "Alias". For some reason, I was reading the article and kept thinking of Marshall constructing a device that read the LEDs of a modem.
Of course, "Alias" has those mystical tempesting devices that live only in Hollywood, but still, it sounds like one of their ideas.
Fortran programmer...oh yeah. Array math for life!
I spewed coffee all over myself when I read that. Some dumbshit should, and probably will, be fired for that. > And they have a great appendix on using keyboard LEDs as a high-bandwidth covert channel, with the obligatory reference to Cryptonomicon.
I've actually seen this - not for communications, but there was a Winamp plugin that flashed the three LEDs on a conventional keyboard as a 3-element graphic equalizer. It looked way cool.
Your Netgear would have to be (at a minimum) a Class III device, and have the highest quality (most expensive) LEDs before someone could even begin to use this against you.
Somehow I doubt any home modem would meet those requirements.
The Kruger Dunning explains most post on
Sure, it takes awhile to learn how to read it...
But after awhile, I just see Blonde here, Brunette there, Redhead over there...
He asked no question. He merely called the paper a hoax and the authors frauds, with no proof.
Troll.
Sure, and I'm the queen of England. And even in the extremely unlikely event that you're telling the truth, looking at the insides of a modem isn't going to tell you anything about how the modem's LED works. I've been to NASA's Johnson Space Center a couple of times and have looked at the insides of a few rocket engines. Therefore I must be an expert!
I have a SupraFaxModem 14.4. I noticed a few years ago (when I was using the modem daily) that if I send a stream of NUL bytes down the line, the LED looks noticeably different (brighter) than when I send regular data. And if I send a break signal, the LED lights up solid for a second or so (however long the break is). The LED most certainly is correlated to the actual bits being sent down the line.
And today, we are going to learn about math and electricity:
AC current flows in a sine wave. Now, I will assume you know what a sine curve looks like.
At a sine curve's peaks, at pi/2 radians from zero in either direction on the unit circle, the absolute unit is 1. Its zero is at zero.
Now, it is only zero at zero degrees. At all other times it is NOT zero, and thus, current is flowing. On a cycle of pi radians, there are an infinite number of points where current is flowing, and only THREE where it is zero, and "stopped" as you say. Since an incandescent bulb is resistant no matter the voltage, and has a slow cooling time, the bulb is infinitely "on" for the complete cycle, because it does not turn "off" during the infinitely small zero points of the curve.
Now, the reason LEDs pulse is because their switching speed is near-instantaneous, and they only flow current in one direction.
Fluorescents are similar, but generally more apparent in their flickering because of "threshold voltage", which basically, increases the size of the zero points on the curve, because light output is effectively zero for input voltages less than a certain amount. LEDs have a threshold voltage too, but it's a lot smaller percentage generally, for zero light output.
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
I didn't read his paper myself, but I certainly agree that it's possible. One would only need to read the intensity of the light, convert that to a video signal, synced with the rate of the display you are spying on, which is easy because of the vertical blanking period.
Wish I'd thought of it first. I'm looking for a thesis idea....
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
When a router passes data, the led doesn't modulate on the bit level. Stop being so stinkin paranoid. Sheesh. The sky isn't falling.
Wish I had an oscilloscope right now. I've suspected the telltale LEDs on my new external modem... but haven't had a way to check since I currently don't own or have access to a scope.
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
thank you :) I love the moderation history though
Moderation Totals: Informative=2, Overrated=4, Total=6.
lol
Check out my sysadmin blog!
In the section discussing how several channels could be separated from an encompassing optical flux measurement they make the assumption that all of the channels are running on a slightly different clock. They use this clock skew assumption to assist with the decode.
From several years of working at a company that developed multiport serial hardware I don't think this is a totally valid assumption. On all of our boards there was a single master clock that drove all of the UARTs.
This master clock will be divided down inside of each UART to create the baud clock. And this division will allow each channel to skew in quantums related to the baud divisor. *But* at high baud rates the divisor shrinks meaning that for 2 comingled channels instead of a 1-in-4096 chance of a clock skew you only have a 1-in-2 or 1-in-4 chance.
--Rob
Your "slightly less naive algorithm" costs about $0.25 more than just hooking the LED driver into the data line, and it takes up more board space.
I'd suggest adding a capacitor. A .1uF capacitor takes up very little space, costs 1 or 2 cents, and in conjunction with the 330 ohm resistor typically used with LED's gives a time delay of about 33 microseconds. That's good enough to hide anything over 30KHz, so modems for plain telephone lines (which might be so low quality that the modem has to step down to 10 or 20K) should either have a bigger capacitor or just not connect Txd and Rxd to LED's.
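The capacitor suggestion above can be checked numerically. This added example (not part of the original thread) models the LED drive as an ideal first-order RC low-pass using the comment's 330 ohm and 0.1 uF, which is an assumption that ignores the LED's own nonlinearity, and measures how far apart the filtered 1 and 0 levels stay at a given bit rate; the function names and the bit pattern are constructed for the illustration.

```c
/* Added example: first-order RC model of a filtered indicator LED.
 * R and C come from the comment; everything else is an assumption. */
#include <stddef.h>
#include <stdio.h>

/* Constructed NRZ test pattern: long runs with isolated opposite bits,
 * which is the worst case for a low-pass filter. */
static size_t build_pattern(int *bits, size_t cap)
{
    static const struct { int level; int count; } runs[] = {
        {0, 16}, {1, 1}, {0, 4}, {1, 16}, {0, 1}, {1, 4}
    };
    size_t n = 0;
    for (size_t r = 0; r < sizeof runs / sizeof runs[0]; r++)
        for (int i = 0; i < runs[r].count && n < cap; i++)
            bits[n++] = runs[r].level;
    return n;
}

/* Eye opening at the end of each bit, as a fraction of full swing:
 * (lowest level reached by any 1 bit) - (highest level left by any 0 bit).
 * A value <= 0 means a fixed-threshold receiver cannot separate the levels.
 * Noise and other receiver designs are not modelled. */
double eye_opening(double r_ohm, double c_farad, double bit_rate)
{
    int bits[64];
    size_t n = build_pattern(bits, 64);
    double tau = r_ohm * c_farad;          /* RC time constant in seconds */
    double bit_time = 1.0 / bit_rate;
    long steps = 2000;                     /* Euler steps per bit */
    double v = 0.0, min_one = 1.0, max_zero = 0.0;

    while (bit_time / steps > tau / 20.0)  /* keep the integration stable */
        steps *= 2;
    double dt = bit_time / steps;

    for (size_t i = 0; i < n; i++) {
        for (long s = 0; s < steps; s++)
            v += (bits[i] - v) * dt / tau; /* dv/dt = (Vin - v) / RC */
        if (bits[i] && v < min_one) min_one = v;
        if (!bits[i] && v > max_zero) max_zero = v;
    }
    return min_one - max_zero;
}

/* Bit rate (bit/s) at which the eye just closes, found by bisection. */
double eye_closing_rate(double r_ohm, double c_farad)
{
    double lo = 100.0, hi = 1e7;
    for (int i = 0; i < 50; i++) {
        double mid = 0.5 * (lo + hi);
        if (eye_opening(r_ohm, c_farad, mid) > 0.0) lo = mid;
        else hi = mid;
    }
    return lo;
}

int main(void)
{
    const double rates[] = { 300, 9600, 14400, 30000, 56000 };
    for (size_t i = 0; i < sizeof rates / sizeof rates[0]; i++)
        printf("%6.0f bit/s: eye opening %+.3f\n",
               rates[i], eye_opening(330.0, 0.1e-6, rates[i]));
    printf("eye closes near %.0f bit/s with 330 ohm / 0.1 uF\n",
           eye_closing_rate(330.0, 0.1e-6));
    printf("eye closes near %.0f bit/s with 330 ohm / 1 uF\n",
           eye_closing_rate(330.0, 1e-6));
    return 0;
}
```

Under this model the 0.1 uF part leaves slower serial rates clearly readable, which matches the comment's point that low-speed modems need a bigger capacitor or no data-line LED at all.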
I remember when I was in the office at Acorn Computers chatting to a guy called Dave Walker. Someone walked up to his desk, plonked down an Acorn PC and said it wasn't working. He plugged it in and watched it for a moment (just the box, no monitor was plugged in). After a few seconds he pulled the top off, pushed in a certain chip (loose memory or something), put the lid on and booted... this time the PC whirred into life properly. When I asked him how he did that magic trick, he told me that when there is an error the floppy drive light blinks it out in morse code. I'd had one of these machines for years and had never known that was staring me in the face!
Phillip.
Property for sale in Nice, France
(Reading the paper shows a footnote indicating the researcher was a student of Seattle University -- just down the road from my house).
Thanks. Before I thought the firewall and IDS system would keep those hacker kids out of my home network. Now I have to tinfoil the windows.
j.
In any modern modem, the UART is in the micro, so Rxd and Txd are "IO pin[s] on the microcontroller." There may or may not be other status pins which could be used to run LED's, but RXD and TXD are there and will obviously work to show when data is coming in and going out. So why not use them?
Yesterday I would have. Today -- I'd think about it... (embarrassed grin)
I did read it. What, you believe everything you read just because it sounds "scientific" and has pages and pages of "data"? I certainly don't, or I would have fallen for that whole "Cold Fusion" crap years ago.
I think the authors took an obvious phenomenon -- that LEDs flashing for every bit transmitted could be read by some device -- then exaggerated the danger of such an attack to get some publicity for their paper.
Sure, flashing LEDs can be read, and in some bizarre equipment configurations, you could actually read the data over this method. Is this a danger to anyone's data? No, it's a toy, and not a problem -- aka "bullshit".
Why are you letting these clowns ruin our country?
Yeah, you can take LEDs and solar cells to transfer sound. Check this link out: http://scitoys.com/scitoys/scitoys/light/light.html#laser_communicator
Orange
Now maybe we can finally figure out what OS they were using on the Enterprise.
Incidentally, literature fans, Thomas Pynchon mentions this idea in passing in the "Byron the Bulb" section of Gravity's Rainbow.
Ugh...I misspoke when I made that statement, and as such, shot down my whole argument. I hate it when that happens. :)
Here's the deal: the 'dimming and brightening' you think is happening is really not going to occur, because the response time needed for a tungsten coil to cool from several thousand K to a temperature cool enough to notice a dimming effect is far longer than the period of time it takes to reverse an AC current. Certainly there would be a frequency shift in the peak emitted frequency from the coil which would vary on the timescale of the AC cycle, but a dimming? You're talking about shifting the wavelength from half a micron to a few microns (remember the tail in the Planck function) to 'dim' the light - that's a shift in brightness temperature of several thousand Kelvin in less than 1/60th of a second. If real light bulbs did that, they'd last a few minutes max before blowing out from thermal stress on the metal. Not gonna happen.
Here's what I think has happened - you meant to say 'fluorescent lights' in your original post, got flamed for not doing it by detail-oriented /. dorks, and have since then cobbled together a cheesy argument to show that incandescent lights 'flicker' in the same manner as fluorescent lights do. And it's just not worth defending, dude - I've done the measurements (you do some strange things when you're bored in lab circuit design class :) and the fact is, incandescent lights don't flicker. They don't dim and brighten, not to the human eye, and not to any photovoltaic equipment I've ever used. If you have data to contradict this, then feel free to make a link. Otherwise, just accept it as a boo-boo, and move on. :)
But what does my opinion matter, I just vote here. It's not like I have any money or anything.
You can't just trust your eyes to determine there isn't a high bandwidth signal. That's the whole point of this story, and thread.
--Mike--
Another twit who didn't read the article.
--Mike--
In theory you could bounce a very low bandwidth signal off the face of the moon, using a single LED and a photodetector, if you have enough time to wait for it to average out to more than noise.
--Mike--
Unless someone has direct physical access to your Class III equipment, they can't read anything in the MHz range. So, those Cisco routers are safe after all.
Direct physical access is often surprisingly easy to come by through either force or social engineering. Many people involved in the crypto field conveniently ignore that all the crypto in the world isn't going to save you if somebody points a pistol at your head and asks you for the cleartext.
Will I retire or break 10K?
It's van Eck Phreaking, check whatis or google.
daniel
Um, "fuck" isn't an adjective. It's a verb or a noun.
And, isn't the UART inside the microcontroller in "most modern modems"? Doesn't that make Tx and Rx "IO pins on the microcontroller"?
Maybe I'm remembering wrong, but I think there's more to the article than BS.
Virg
he said "but its really flashing on and off faster than you can see." NOT that it dims *slightly*. big difference
Hmm, considering that light is quantized in packets called photons, and intensity is simply a measure of the number of photons released per second, I'd have to disagree. Flashing on and off at a certain rate is exactly equivalent to dimming.
First, if the LEDs are on the TxD and RxD paths, they'll blink with every bit, not every packet. By the article's terminology, class III LEDs do just that, and most modems (and a few switches) are set up in class III configuration.
Second, take a close look at the light over your head. If you're in the U.S., it's pulsing at 120 Hz (incandescent lights get brighter and dimmer, fluorescent lights actually go dark and light). Can you actually see them flickering? Not likely. Therefore, is it safe to assume that because it looks like the LED is going on and off at 10 bits per second, that each flash is not a series of on/off cycles too fast for your eye to detect? Again, not likely. In reality, class III LEDs do indeed flash out the data stream, and equipment sensitive enough to discern it (which the human eye is not) can read the data stream.
By the way, to close off the two obvious arguments, in modern modems, the UART is a part of the microcontroller, so the LED can indeed be hooked up to Tx/Rx easily, and in the case of data transmission, even cheap LEDs can cycle in the 10-100 nanosecond range, so the light would merely appear to the human eye to be on full time.
Virg
Hmm... but you keep forgetting that the lamp has a thermal delay... just like a heating resistor. Ieff = Imax / Sqrt(2). The IR and light output is the same as the same lamp on 110V DC...
- connect the data line to an edge triggered flip-flop
- connect the flip-flop output to a parallel I/O port
- connect the read strobe on the I/O port to the reset line of the flip-flop
- connect the front panel LEDs to a parallel I/O port
Software: In the real-time clock interrupt service routine, read/reset the data activity flip-flops, write the state of the flip-flops to the appropriate front panel LEDs.
I've done this on embedded systems. Having the front panel LEDs under software control, instead of being hardwired, can be very useful. It takes minimal hardware and allows you to do creative things in the software for diagnostics.
Mea navis aericumbens anguillis abundat
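The flip-flop and interrupt scheme described in the comment above, modelled in software as an added example that is not part of the original thread. It compares the LED trace of an LED wired to the data line with the trace produced by the latch-and-sample design for two different payloads; the 8N1 framing, the tick length of 20 bit times, the payload strings and all function names are assumptions made for the illustration.

```c
/* Added example: LED wired to the data line vs. LED driven from a
 * software-sampled activity flip-flop. Payloads below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BITS_PER_FRAME 10   /* assumed 8N1 framing: start, 8 data, stop */
#define IDLE_LEVEL 1        /* a UART line idles high (mark) */
#define MAX_BITS 1024

/* Serialize bytes into per-bit line levels (LSB first), then idle padding. */
size_t uart_frame(const uint8_t *data, size_t n, size_t idle_bits,
                  uint8_t *line, size_t cap)
{
    size_t k = 0;
    if (n * BITS_PER_FRAME + idle_bits > cap) return 0;
    for (size_t i = 0; i < n; i++) {
        line[k++] = 0;                                   /* start bit */
        for (int b = 0; b < 8; b++)
            line[k++] = (uint8_t)((data[i] >> b) & 1);   /* data bits */
        line[k++] = 1;                                   /* stop bit */
    }
    for (size_t i = 0; i < idle_bits; i++) line[k++] = IDLE_LEVEL;
    return k;
}

/* Hardwired LED: lit for every space (0) bit, so it mirrors the data. */
size_t led_direct(const uint8_t *line, size_t nbits, uint8_t *led)
{
    for (size_t i = 0; i < nbits; i++) led[i] = (uint8_t)!line[i];
    return nbits;
}

/* Edge-triggered flip-flop: any edge sets Q, the read strobe clears it. */
typedef struct { int last_level; int q; } activity_latch;

void latch_clock(activity_latch *l, int level)
{
    if (level != l->last_level) l->q = 1;
    l->last_level = level;
}

int latch_read_and_reset(activity_latch *l)
{
    int q = l->q;
    l->q = 0;
    return q;
}

/* Software LED: the timer ISR runs once per bits_per_tick bit times, reads
 * and resets the latch, and writes that single bit to the front panel. */
size_t led_sampled(const uint8_t *line, size_t nbits, size_t bits_per_tick,
                   uint8_t *led)
{
    activity_latch l = { IDLE_LEVEL, 0 };
    size_t ticks = 0;
    if (bits_per_tick == 0) return 0;
    for (size_t i = 0; i < nbits; i++) {
        latch_clock(&l, line[i]);
        if ((i + 1) % bits_per_tick == 0)
            led[ticks++] = (uint8_t)latch_read_and_reset(&l);
    }
    return ticks;
}

/* Number of LED samples that differ when two equal-length payloads are sent.
 * bits_per_tick == 0 selects the hardwired LED. Returns (size_t)-1 on error. */
size_t led_trace_diff(const char *p1, const char *p2, size_t bits_per_tick)
{
    static uint8_t line1[MAX_BITS], line2[MAX_BITS];
    static uint8_t led1[MAX_BITS], led2[MAX_BITS];
    size_t len = strlen(p1), n1, n2, m, diff = 0;
    if (len != strlen(p2)) return (size_t)-1;
    n1 = uart_frame((const uint8_t *)p1, len, 20, line1, MAX_BITS);
    n2 = uart_frame((const uint8_t *)p2, len, 20, line2, MAX_BITS);
    if (n1 == 0 || n1 != n2) return (size_t)-1;
    if (bits_per_tick == 0) {
        m = led_direct(line1, n1, led1);
        led_direct(line2, n2, led2);
    } else {
        m = led_sampled(line1, n1, bits_per_tick, led1);
        led_sampled(line2, n2, bits_per_tick, led2);
    }
    for (size_t i = 0; i < m; i++) diff += (led1[i] != led2[i]);
    return diff;
}

int main(void)
{
    const char *a = "PASSWORD", *b = "hunter2!";   /* constructed payloads */
    printf("hardwired LED: %zu differing samples\n", led_trace_diff(a, b, 0));
    printf("sampled LED:   %zu differing samples\n", led_trace_diff(a, b, 20));
    return 0;
}
```

With the sampled design the two payloads give identical LED traces, so the LED still shows when traffic flows but no longer carries the bit values.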
That's the dumbest thing I've ever read, and I must be right.
I was arguing that the bulb is never in an "off" state, even at the zero points, as even though it is cooling, it never goes to zero output, which is in fact, "off".
I wasn't trying to say they don't modulate... I was going for don't have zero output at any point on the cycle. I figure the light output looks like a rectified sine wave with a D.C. offset, when put on a scope.
This is opposed to LEDs and fluorescents, which have light output resembling a square wave, and definitely are emitting zero light for part of the cycle.
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
The graphed output of the solar cell would resemble a rectified sine wave with a D.C. offset though, right?
:)
I'm not an EE, but I've done enough basic electronics to where I think I've got this one.
A few posts up in this thread I was arguing that light output from the incandescent is never zero when it has AC voltage applied, and someone thought I might have been implying "not modulated," and that's what started this.
It's times like this I wish I owned an oscilloscope.
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
If you believe the paper doesn't include enough details for you to believe what they are saying, then it certainly doesn't contain enough details for you to discount what they are saying out of hand either. It does however include enough information for someone to reconstruct their experiment and either prove them right or wrong.
How many people would think about adding extra circuitry to not have a correlation between the led and the actual data being transmitted, instead of just feeding the signal straight to the led? Just from looking at the leds of a modem configured to run at low bitrates, it seems obvious that there is a data leakage issue.
It may not be serious for you and me - who cares enough about your or my e-mail? But even knowing that data is being transmitted can be a serious security breach in some settings.
As far as I know this is the first publicly available research on the matter, which does indicate that this is not something people have considered before. I did not consider it an issue before I read the report, though on reading the report it becomes obvious that it may be a risk.
Similarly, much more complex attacks based on various emissions from electronic equipment have been known for ages, including tempest technology.
Where did you see any exaggeration of the danger? This is a scientific paper scheduled for publication in a journal read primarily by scientists and engineers, not a hyped up CNN article.
Yes, it was posted on Slashdot, and rightly so, as it does have a great "hack value" - the first thing I thought when I saw the article was "cool, wonder how long it'll take before someone starts discussing how to use the findings to build line of sight networking gear". The first suggestions had already been posted when I read the comments.
As for risk? Probably not very big, but I do know of more than one ISP that have or have had their networking gear and modems in plain view through a window that would have been easily accessible. Breaking in would have sounded an alarm. Pointing a device with a photoreceptor against the window would not. Guess which method I would have chosen if I was a bad guy that wanted access to their data and I'd thought of this attack?
Here is a prime example of blatant illogical thinking on the part of the
media:
http://www.cnn.com/2002/TECH/ptech/03/07/led.snooping.reut/index.html
Keep in mind I've done embedded modem code, and my primary technical job
at work is to deal with fault situations, including displaying status
codes on LEDs so I'm familiar with the technology and its limitations.
Here's what's wrong with this article:
1) LED's are very slow devices. That means they can only turn off so many
times in a second - on average, 50 times a second. That means *50* baud,
which is about 6 characters in a second. There is no technical way that
these LEDs can turn on and off fast enough to support even the slowest of
modems! It's like driving at 500 MPH and snapping 6 pictures over the
course of 50 miles and saying that you can figure out what's in between
the pictures. Not technically possible.
2) The author makes the assumption that the blinking lights are actually
connected directly to the data stream. This isn't true! One problem we had
with our modems initially is we did have the data stream tied to the
lights. Once the speed of modems edged up (we're talking 9600bps, here
folks, so this was a LONG time ago), the data was toggling so fast that
all we could get out of the status LEDs was a dim glow. So we wrote code
to keep the status LEDs on for a minimum period of time so they'd actually
show up.
3) The author knows nothing about ATMs and their protocols. Even if
internal modems built in to ATMs (to which almost all are internal with no
indicator lights of any sort), having the data stream, byte by byte will
not be a repeatable sequence anyway. There is a trust set up between each
ATM and their servers and no two transactions are identical. The stream is
encrypted. When was the last time you saw any LEDs on ATMs?
4) The article infers that one can even detect network traffic from the
LED. Come on - an LED capable of 50 baud revealing the actual traffic on
even something as slow as 10 megabit network?
5) Most of the LEDs that people see on devices don't display any critical
information anyway. Power status, fault status, drive activity, etc.. is
most of it.
It's asinine things like this that just make me want to scream. They
spread fear, uncertainty, and doubt based on factless speculation to
promote themselves to groups of people who don't know better.
Don't ever believe anything technical you read in the media. It's almost always wrong.
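The difference between an LED tied straight to the data line and the firmware-held LED described in point 2 of the comment above, as an added example that is not part of the thread or of the paper. It is a simplified model under stated assumptions: one tick per bit, 1 means the LED is lit, the observer samples once per bit period, and the 8-tick hold time and both sample messages are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_BITS 256

/* Unpack a message into one bit per tick, MSB first (simplified line model). */
static size_t to_bits(const char *msg, uint8_t *bits) {
    size_t n = 0;
    for (; *msg && n + 8 <= MAX_BITS; msg++)
        for (int b = 7; b >= 0; b--)
            bits[n++] = ((unsigned char)*msg >> b) & 1u;
    return n;
}

/* LED wired straight to the data line: the LED state is the bit. */
static void drive_direct(const uint8_t *bits, size_t n, uint8_t *led) {
    memcpy(led, bits, n);
}

/* Firmware-driven LED: any activity lights it for at least `hold` ticks. */
static void drive_stretched(const uint8_t *bits, size_t n, unsigned hold,
                            uint8_t *led) {
    unsigned remaining = 0;
    for (size_t i = 0; i < n; i++) {
        if (bits[i]) remaining = hold;   /* restart the hold timer */
        led[i] = remaining > 0;
        if (remaining) remaining--;
    }
}

/* Observer samples the LED once per bit period; count wrongly read bits. */
static size_t bit_errors(const uint8_t *bits, const uint8_t *led, size_t n) {
    size_t errs = 0;
    for (size_t i = 0; i < n; i++) errs += (bits[i] != led[i]);
    return errs;
}

int main(void) {
    uint8_t bits[MAX_BITS], led[MAX_BITS];
    size_t n = to_bits("LED", bits);     /* constructed sample message */
    drive_direct(bits, n, led);
    printf("direct:    %zu/%zu bits misread\n", bit_errors(bits, led, n), n);
    drive_stretched(bits, n, 8, led);
    printf("stretched: %zu/%zu bits misread\n", bit_errors(bits, led, n), n);
    return 0;
}
```

With the hold timer in place the LED still reveals that traffic is flowing, but two different messages can produce the same light trace, which is the decorrelation a device designer wants from an activity indicator.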
been watching those special uncut/uncensored Three's Company episodes recently? tsk tsk tsk
Thanks for the great example of how some random asshole might want to reach out and make life difficult for a complete stranger. About one in three posts I make here has some kind of DoS type comment like this for a reply. People go to great lengths to break things. If someone nice has done this and published it, you can be sure hundreds of malicious losers with nothing better to do have mastered the trick.
Friends don't help friends install M$ junk.
Film is 24FPS, but each frame is projected twice (the shutter has two interruptors) making the flicker rate 48Hz, and therefore much less noticeable.
John
In keeping with the rest of the posts on this thread, nope, can't be done. And here's where you can download it.
John