Hackers Can Steal Data by Observing Blinking LED Lights

cageymaru

For maximum security, corporations will air-gap their most sensitive data. Air-gap is when the PC isn't connected to the internet or other PCs connected to a network that can access the internet. Sounds like a really protected PC that you can trust? Of course not!

In this age of industrial and international espionage, the Israelis have designed malware that when loaded onto the secure system will make the hard drive LED lights transmit the data on the system via Morse code. Then the data can be transmitted across great distances without the victim knowing. In the video below it is transferred via a drone that is using a camera to peer through a window from a parking lot at the corporation's complex. Could you imagine what data you could steal with a satellite and a mirror mounted on another building reflecting the LED light upwards to the heavens?

As far as speed goes, it can transmit 4,000 bits per second which is 10 times faster than conventional camera methods. Anyone want to do the math on how long to dump a 10 TB hard drive? Glad there are so many RGB lights on everything today. No security concerns there!

Like other air-gap attacks, one of the biggest hurdles that has to be overcome is getting malware onto the target computer. How do you install malware on a system that has no Internet connection? USB sticks and SD cards are the most common method, though both require a willing accomplice. That's not necessarily hard to find... if the job pays well enough.
 

Pretty much this. If you have a paid, willing accomplice, then they could simply load up that USB stick with data and walk away.

It's possible in theory, but in practice, there's probably a dozen far more efficient ways to steal data.
 
I avoid working for Israeli firms. It's amazing how many of them, at least around here, are focusing on tracking people and stealing data. Don't want to have anything to do with these murderers
 
Like other air-gap attacks, one of the biggest hurdles that has to be overcome is getting malware onto the target computer. How do you install malware on a system that has no Internet connection? USB sticks and SD cards are the most common method, though both require a willing accomplice. That's not necessarily hard to find... if the job pays well enough.

This was my first thought. If you've got a system secure enough that it can't be accessed by the internet, what's the likelihood that you're going to even be able to get this malware on the system, let alone the fact that it also needs a window view.
 
33,333,333 seconds, or 5,555,555 minutes, or 92,592 hours, or 3,858 days, or almost 11 years to do that data dump.

Yes, I have too much time on my hands. :-D
This isn't adding up...
10995116277760 bytes (10TB)
500bytes/s (4000bits/s)
10995116277760/500=21990232555.52 seconds
21990232555.52/60=366503875.93 minutes
366503875.93/60=6108397.93 hours
6108397.93/24=254516.58 days
254516.58/365.25=696.82 YEARS!

Seems unbelievable, but I triple checked my math...
 

It's one of those stupid inconsistencies with computers. Hard drive manufacturers use base 10, everyone else in the computer field uses base 2.
 
For maximum security, corporations will air-gap their most sensitive data..................

Oops, air-gap, yes some still do this, but air-gapping isn't about moving sensitive data. Air-gapping is about isolating the sensitive data and air-gapping all the other stuff the computer needs so the machines with sensitive data never touch the outside world.

I have a machine I use to do analysis on some electronic devices. The analytic work and the products from the analysis is sensitive and isolated. I air-gap in patches, software updates, and the raw data I do my analytic work on. At least this is the most common usage. I can also export the product back out by air-gap for usage by others although sometimes I'll "clean up the product some" in order to protect as much sensitive information as I can. Just examples.
 
malware that encodes data into morse code? Retarded.

That's why it'd work, too.

That's dumb, no one would do that. And, someone did it and exploited it and obtained sensitive data (in this fictional example). Not so dumb anymore.

It may be low bandwidth and take a bit, but it's a proof of concept. It can be done. It can be modified to work how they want it to. A lot of things to take into consideration, but it's doable.
 

There's a gigantic gap between possible and realistic. The data rate, the complexity of inserting the highly-specific malware required, and the complexity of COLLECTING that data from the blinky light makes this whole plan a non-starter.
 
or since most case mount LEDs have a connector, IT should unplug them beforehand. It is simply genius though.


Actually most organizations of medium to large size are heavily virtualized and there are no hard drives at all at the workstation position, the hard drives are all virtualized and the storage is a SAN and/or NAS system inside a cipher-locked server room.
 
There's a gigantic gap between possible and realistic. The data rate, the complexity of inserting the highly-specific malware required, and the complexity of COLLECTING that data from the blinky light makes this whole plan a non-starter.

If your target machine is in an internet cafe in Cairo, that an Isil recruiter uses to talk to young American girls over Kakao-Talk, it's easily doable, and the data involved isn't large enough to be a problem.

Think use cases, I bet there are more than enough that fit the capabilities of this technique.
 

Again though, if you can get malware onto the target machine to begin with, there's dozens of far faster, and less problematic, ways to extract data.
 

Sure, but if it's discovered, aren't they also easier to trace back to a source?

If I put malware on a machine to send that data to my machine, doesn't it leave a trail to follow?

It's hard to follow a blinking LED to who is watching it.
 

I very much doubt this is actually morse code.

There are certainly more compact ways to transmit data through a blinking light, especially if you don't limit yourself to the binary dot and dash (for example, the off period can also be used to transmit data, by varying the time between flashes)

Old IrDA encoding would be the first place I would start, since it was designed specifically for transmission via (infrared) leds
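The encoding question raised in this post (Morse versus something denser) and the 10 TB arithmetic earlier in the thread, as an added example that is not part of the thread or of the researchers' tool: a toy LED covert channel in Python. It encodes bytes two ways, Morse over hex digits and plain on-off keying with a made-up sync preamble, simulates a camera sampling the LED, decodes the OOK frame back to bytes, and reports how many timing units each scheme spends per byte. The 4,000 bit/s unit rate, the preamble pattern, the four-samples-per-unit camera and the jitter model are all assumptions.

```python
# Added example, not code from the thread or from the researchers' tool.
# Toy LED covert channel: bytes -> on/off timing units -> sampled brightness -> bytes.
# Assumptions: one timing unit = one bit period at the thread's 4,000 bit/s figure;
# the camera samples brightness 4 times per unit; the preamble is made up here.

UNIT_S = 1 / 4000  # seconds per timing unit (assumed: 4,000 bit/s)

# Morse over hex digits so arbitrary bytes can be sent. Dot = 1 unit on, dash = 3 on,
# 1 unit off between symbols of a digit, 3 units off between digits.
MORSE_HEX = {"0": "-----", "1": ".----", "2": "..---", "3": "...--", "4": "....-",
             "5": ".....", "6": "-....", "7": "--...", "8": "---..", "9": "----.",
             "a": ".-", "b": "-...", "c": "-.-.", "d": "-..", "e": ".", "f": "..-."}

PREAMBLE = [1, 0, 1, 0, 1, 0, 1, 1]  # assumed sync word so the receiver finds bit boundaries


def morse_units(payload: bytes):
    """Encode payload as Morse-over-hex; returns one LED state (1=on, 0=off) per unit."""
    units = []
    for digit in payload.hex():
        symbols = MORSE_HEX[digit]
        for i, sym in enumerate(symbols):
            units += [1] * (1 if sym == "." else 3)
            if i < len(symbols) - 1:
                units.append(0)          # gap between dots/dashes of one digit
        units += [0, 0, 0]               # gap between digits
    return units


def ook_units(payload: bytes):
    """Plain on-off keying: preamble, 16-bit big-endian length, then each byte MSB-first."""
    units = list(PREAMBLE)
    for b in len(payload).to_bytes(2, "big") + payload:
        units += [(b >> i) & 1 for i in range(7, -1, -1)]
    return units


def transmit(units, samples_per_unit: int = 4, noise: float = 0.1):
    """Simulated camera: brightness samples with deterministic jitter in [-noise, noise]."""
    samples = []
    for i, state in enumerate(units):
        for k in range(samples_per_unit):
            jitter = noise * (((i * 7 + k * 3) % 5) - 2) / 2
            samples.append(state + jitter)
    return samples


def receive(samples, samples_per_unit: int = 4, threshold: float = 0.5):
    """Threshold, majority-vote each unit, lock onto the preamble, read length and payload."""
    levels = [1 if s > threshold else 0 for s in samples]
    units = [int(2 * sum(levels[i:i + samples_per_unit]) > samples_per_unit)
             for i in range(0, len(levels), samples_per_unit)]
    n = len(PREAMBLE)
    start = next((i for i in range(len(units) - n + 1) if units[i:i + n] == PREAMBLE), None)
    if start is None:
        return None                      # no sync word in the capture: nothing to decode
    pos = start + n

    def read_byte() -> int:
        nonlocal pos
        value = 0
        for _ in range(8):
            value = (value << 1) | units[pos]
            pos += 1
        return value

    length = (read_byte() << 8) | read_byte()
    if pos + 8 * length > len(units):
        return None                      # capture ended before the frame did
    return bytes(read_byte() for _ in range(length))


def units_per_byte(encoder) -> float:
    """Average timing units spent per payload byte, over all 256 byte values."""
    sample = bytes(range(256))
    return len(encoder(sample)) / len(sample)


def exfil_years(n_bytes: int, encoder, unit_s: float = UNIT_S) -> float:
    """Wall-clock years to push n_bytes through the channel with the given encoder."""
    return n_bytes * units_per_byte(encoder) * unit_s / (365.25 * 24 * 3600)


if __name__ == "__main__":
    msg = b"constructed sample payload"   # constructed input, not real exfiltrated data
    print("morse units/byte:", units_per_byte(morse_units))   # 28.75
    print("ook units/byte:  ", units_per_byte(ook_units))     # 8.09375
    print("decoded:", receive(transmit(ook_units(msg))))
    print("years for 10 TB over OOK: %.0f" % exfil_years(10**13, ook_units))
```

Morse-over-hex spends about 28.75 units per byte against roughly 8.1 for framed OOK, so the plain binary framing is about 3.5 times faster at the same blink rate, which is the point made above about not limiting yourself to dots and dashes. The receiver here assumes it knows the unit length; a real camera-side decoder would have to recover the clock from the preamble and cope with frame-rate jitter, which this toy skips.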
 
Pfft, I got 600 and some odd years the first quick math I did and figured that was off, so I did it again and ended up being even more wrong.

Note to self: do not attempt math right after waking up.
 
What about using it as a keylogger? It's plenty fast enough for that.

Sure, it's very limited. But, it's possible. There are probably easier ways to get that information, but this is just one more tool in the ol' toolbox.
 
The problem is getting data back out of this type of location, usually they are in a secured location, and quite often are air-gapped! However, most (such as secure government systems) also have a policy against having windows into where the computer is located.
 
I avoid working for Israeli firms. It's amazing how many of them, at least around here, are focusing on tracking people and stealing data. Don't want to have anything to do with these murderers
it's okay, they probably wouldn't hire you anyway.
 