Malware Uses Router LEDs To Steal Data From Secure Networks

An anonymous reader writes: Researchers from the Ben-Gurion University of the Negev in Israel have developed malware that when installed on a router or a switch can take control over the device's LEDs and use them to transmit data in a binary format to a nearby attacker, who can capture it using simple video recording equipment. The attack is similar to the LED-it-GO attack developed by the same team, which uses a hard drive's blinking LED to steal data from air-gapped computers. Because routers and switches have many more LEDs than a hard drive, this attack scenario is much more efficient, as it can transmit data at about the same speed, but multiplied by the number of ports/LEDs. Researchers say they were able to steal data by 1000 bits/ per LED, making this the most efficient attack known to date. The attack worked best when coupled with optical sensors, which are capable of sampling LED signals at high rates, enabling data reception at a higher bandwidth than other typical video recording equipment. A video of the attack is available here.

Almost old school

[fuzzyfuzzyfungus]

This looks like a contemporary attempt to revive a classic.

Back in the Before Times; you could get serial modems that did DES(maybe 3DES? my memory grows fuzzy) in hardware, to allow systems without built in line security measures to be run over phone lines(ATMs, that sort of thing). It was cleartext on the RS-232 link between the device and the modem; but that was supposed to be physically secured inside the chassis; then encrypted between the modems on each end of the line; and decrypted at the far end, presumably in a secure location.

Some designs, whether out of lack of imagination, incompetence, or sneaky malice, had LEDs that were more or less directly tied to the cleartext serial input; and the LEDs and drive circuitry were quite capable of blinking at the rates of at least the slower serial links; so you could read the unencrypted serial traffic right off the fancy 'secure' modem's blinkenlights(at a fair distance, with magnification).

This study tested ethernet gear as well; but found that(if unmodified) it was of relatively limited use: data rates were far too high for LEDs to be driven directly by high/low values in the data stream; and instead blinked in ways only indirectly associated with traffic activity, mostly for diagnostic convenience.

This new one requires that the system be maliciously modified, so it lacks the charm of the original; but takes advantage of the fact that indicator LEDs can still blink pretty fast(and some are GPIO controlled) so they can still be shoved into transmitting information; but now you have to handle that yourself, rather than having the vendor do it for you.

IrDA

[Dan+East]

What do you think IrDA is (was)? Same thing using infrared LEDs is all. It supported up to 115.2 kbit/s, and that's just on one "channel" (LED). Back in 2004 I bitbanged IrDA with a micro-controller in a homebrew PS1 controller adapter that allowed me to use the controller with a Pocket PC. It was one-way communication, because the controller just needed to communicate button presses to the Pocket PC. It worked quite well. Anyway, assuming there is a relatively low-level access for toggling the LEDs on or off on a [insert device name here], such a method of transmitting data is patently obvious...
The "scary" thing is that communications of this sort are far beyond the refresh rate of the human eye, and so the end result is that the LED simply looks about half the normal brightness and does not appear to pulsate or anything.

Deja vu

[ShaunC]

LED Lights: Friend or Foe? was posted here more than 15 years ago. Everything old is new again (except me, I guess).