cageymaru
Fully [H]
- Joined
- Apr 10, 2003
- Messages
- 22,090
The researchers at Ben-Gurion University in Israel have devised a new way to steal data from highly secure air-gap networks. By injecting malware into a router's firmware, they can turn the infected router into a transmitter of data via its LED array. The various blinking LED lights on the router will then begin transmitting binary data via a program called xLed. The binary code is represented by LED on cycles as "1's" and LED off cycles as "0's". The more lights on a router, the faster that the malware can pilfer data; up to at a rate of more than 1000 bit/sec per LED. The binary data transmitted is best recorded by an optical camera within line of sight of the infected router. The malware is sophisticated enough to be selective in what type of data it sends. You can read the research paper here.
Yes, this is very similar to the LED-It-Go hack that we covered earlier this year as it is by the same research team at the Ben-Gurion University. Some question the methodology as it would seem that a person with that much access to the router could infect it more damaging malware. In my opinion the objective here isn't to get data once or over a short period of time before a network admin discovers your intrusion; it is to gently siphon your data over a long period of time without detection. Who is going to notice that the LED lights are blinking more than usual on a router that nobody pays attention to unless it physically breaks? It could send classified data for years as most governments rely upon antiquated equipment.
During their tests, researchers say they’ve tested various configurations for the video recording setup, such as optical sensors, security/CCTV cameras, extreme cameras, smartphone cameras, wearable/hidden cameras, and others. The research team says it achieved the best results with optical sensors because they are capable of sampling LED signals at high rates, enabling data reception at a higher bandwidth than other typical video recording equipment.
Researchers say that by using optical sensors, they were able to exfiltrate data at a rate of more than 1000 bit/sec per LED. Since routers and switches have more than one LED, the exfiltration speed can be increased many times over if multiple LEDs are used for data exfiltration. Basically, the more ports the router and switch has, the more data the malware can steal from the device.
Yes, this is very similar to the LED-It-Go hack that we covered earlier this year as it is by the same research team at the Ben-Gurion University. Some question the methodology as it would seem that a person with that much access to the router could infect it more damaging malware. In my opinion the objective here isn't to get data once or over a short period of time before a network admin discovers your intrusion; it is to gently siphon your data over a long period of time without detection. Who is going to notice that the LED lights are blinking more than usual on a router that nobody pays attention to unless it physically breaks? It could send classified data for years as most governments rely upon antiquated equipment.
During their tests, researchers say they’ve tested various configurations for the video recording setup, such as optical sensors, security/CCTV cameras, extreme cameras, smartphone cameras, wearable/hidden cameras, and others. The research team says it achieved the best results with optical sensors because they are capable of sampling LED signals at high rates, enabling data reception at a higher bandwidth than other typical video recording equipment.
Researchers say that by using optical sensors, they were able to exfiltrate data at a rate of more than 1000 bit/sec per LED. Since routers and switches have more than one LED, the exfiltration speed can be increased many times over if multiple LEDs are used for data exfiltration. Basically, the more ports the router and switch has, the more data the malware can steal from the device.