Malware Turns a Router's LED Array into a Network Security Nightmare

cageymaru

The researchers at Ben-Gurion University in Israel have devised a new way to steal data from highly secure air-gap networks. By injecting malware into a router's firmware, they can turn the infected router into a transmitter of data via its LED array. The various blinking LED lights on the router will then begin transmitting binary data via a program called xLed. The binary code is represented by LED on cycles as "1's" and LED off cycles as "0's". The more lights on a router, the faster the malware can pilfer data, at a rate of more than 1000 bit/sec per LED. The binary data transmitted is best recorded by an optical camera within line of sight of the infected router. The malware is sophisticated enough to be selective in what type of data it sends. You can read the research paper here.

Yes, this is very similar to the LED-It-Go hack that we covered earlier this year, as it is by the same research team at the Ben-Gurion University. Some question the methodology, as it would seem that a person with that much access to the router could infect it with more damaging malware. In my opinion the objective here isn't to get data once or over a short period of time before a network admin discovers your intrusion; it is to gently siphon your data over a long period of time without detection. Who is going to notice that the LED lights are blinking more than usual on a router that nobody pays attention to unless it physically breaks? It could send classified data for years, as most governments rely upon antiquated equipment.

During their tests, researchers say they’ve tested various configurations for the video recording setup, such as optical sensors, security/CCTV cameras, extreme cameras, smartphone cameras, wearable/hidden cameras, and others. The research team says it achieved the best results with optical sensors because they are capable of sampling LED signals at high rates, enabling data reception at a higher bandwidth than other typical video recording equipment.

Researchers say that by using optical sensors, they were able to exfiltrate data at a rate of more than 1000 bit/sec per LED. Since routers and switches have more than one LED, the exfiltration speed can be increased many times over if multiple LEDs are used for data exfiltration. Basically, the more ports the router and switch has, the more data the malware can steal from the device.
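The two points above (a fast optical sensor beats a CCTV camera, and more LEDs mean more throughput) come down to sampling: an on/off LED toggled 1000 times a second cannot be read by a receiver that looks at it 30 times a second. The idealised simulation below is an added example and is not xLed or the researchers' code; the rates, the constructed payload and the perfect timing sync are assumptions, and it is meant to show why the receiver's sample rate bounds what such a channel can leak.

```python
"""Idealised model of an LED on/off (OOK) covert channel: why the receiver's
sample rate caps recoverable bandwidth, and how striping the bit stream across
several LEDs multiplies throughput. Added example, not xLed or the researchers'
code; all rates are assumed, there is no noise and timing is perfectly synced."""
from typing import List

SIM_RATE = 100_000  # samples/s used to model LED brightness over time


def bits_from_bytes(data: bytes) -> List[int]:
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bytes_from_bits(bits: List[int]) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))


def led_waveform(bits: List[int], bit_rate: int) -> List[int]:
    """LED state (1 = on, 0 = off), each bit held for one bit period."""
    return [b for b in bits for _ in range(SIM_RATE // bit_rate)]


def sensor_samples(wave: List[int], sensor_rate: float) -> List[int]:
    """What a camera or optical sensor sees when sampling at sensor_rate."""
    step = SIM_RATE / sensor_rate
    return [wave[int(i * step)] for i in range(int(len(wave) / step))]


def decode(samples: List[int], sensor_rate: float, bit_rate: int, nbits: int) -> List[int]:
    """Receiver that knows the bit rate reads the sample nearest the middle of
    each bit period. Below one sample per bit (a 30 fps camera against a
    1000 bit/s LED) many bits land on the same sample and the data is lost."""
    if not samples:  # sensor too slow to capture even one frame of the burst
        return [0] * nbits
    per_bit = sensor_rate / bit_rate
    return [samples[min(int((k + 0.5) * per_bit), len(samples) - 1)]
            for k in range(nbits)]


def channel_roundtrip(data: bytes, n_leds: int, bit_rate: int, sensor_rate: float) -> bytes:
    """Stripe the bits round-robin over n_leds LEDs (n_leds * bit_rate bit/s),
    sample every LED at the same sensor rate and reassemble the bytes."""
    bits = bits_from_bytes(data)
    lanes = [bits[i::n_leds] for i in range(n_leds)]
    got = [decode(sensor_samples(led_waveform(lane, bit_rate), sensor_rate),
                  sensor_rate, bit_rate, len(lane)) for lane in lanes]
    return bytes_from_bits([got[k % n_leds][k // n_leds] for k in range(len(bits))])


if __name__ == "__main__":
    msg = b"air-gap"  # constructed sample payload
    print(channel_roundtrip(msg, 1, 1000, 10_000))  # fast optical sensor: intact
    print(channel_roundtrip(msg, 4, 1000, 2_000))   # four LEDs, four times the throughput
    print(channel_roundtrip(msg, 1, 1000, 30))      # 30 fps CCTV camera: unreadable
```

The practical reading for a defender is the one the thread's own admins hint at: the channel only works with a line-of-sight receiver fast enough to sample each LED, so placement of equipment and of any cameras that can see it matters more than the LEDs themselves.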
 
Neat, but good luck transmitting data via my router since it doesn't have any LEDs :p

 
So if you have access to install this malware to do this, why would you go this route instead of easier methods? My first assumption is the little to no footprint being on the router, but this kind of attack would be the least of my worries if someone had physical access anyways.
 
Most likely in an attempt to bypass security.

It's conceivable that places with sensitive data will have their computers very closely monitored against intrusion from an outside source; routers would less likely be.
 
Just try to imagine some of the cool shit these kinds of coders could do if they put their considerably creative talents towards actually doing shit that's useful instead of malicious or some sick hack to steal data in this particular method someone has created.

I swear, it's getting tougher and tougher each day to see anything positive about humanity at large - I mean I know this isn't a major massive epic fucking level of fail or anything and it's not like this is going to destroy modern technology at its core but even so, geez, all that talent being wasted on such stupid irrelevant bullshit, it's insane. :(
 
Just try to imagine some of the cool shit these kinds of coders could do if they put their considerably creative talents towards actually doing shit that's useful instead of malicious or some sick hack to steal data in this particular method someone has created.

I swear, it's getting tougher and tougher each day to see anything positive about humanity at large - I mean I know this isn't a major massive epic fucking level of fail or anything and it's not like this is going to destroy modern technology at its core but even so, geez, all that talent being wasted on such stupid irrelevant bullshit, it's insane. :(

The fact that there is an underbelly doing this is indicative of the opposite end.

Don't focus on the small negative slices, try to see the whole spectrum. There's a hell of a lot more to it.
 
Just try to imagine some of the cool shit these kinds of coders could do if they put their considerably creative talents towards actually doing shit that's useful instead of malicious or some sick hack to steal data in this particular method someone has created.

I swear, it's getting tougher and tougher each day to see anything positive about humanity at large - I mean I know this isn't a major massive epic fucking level of fail or anything and it's not like this is going to destroy modern technology at its core but even so, geez, all that talent being wasted on such stupid irrelevant bullshit, it's insane. :(

Woah bud... pretty depressing take on this news story. Keep in mind, these are white-hat guys publishing their work through a university so that people are aware of the potential for this to happen. Proof of concept, if you will. That helps bring visibility to a potential security issue. I think you should be hopeful that people are figuring this stuff out. It's a good thing.

That said, in actual practice in the real world... I don't see this ever working. Too many variables, too many router models; and how in the world would you get the malware on the router in the first place, if you didn't also have the ability to transfer data back and forth anyways? And if you had the ability to transfer data into the router, why bother with the LED? It's just not practical or effective. How does the router choose which data files to relay? Is it invulnerable to firmware upgrades on the router? It is an interesting concept, and sure... high security government data centers should probably learn from this and consider the orientation and placement of their routers because of this new information.
 
If the bad guys have enough access to load malware onto the target network, they would have plenty of other ways to exfiltrate data that would be faster and more reliable.

This is another one of those hacks that's in the "theoretically possible, but practically impossible" bucket.
 
You would have to have physical access to the air gapped router. Stupid hack. Sorry. If someone has physical access to the routing hardware on an airgapped network and a good high quality sec cam hack, the victim in question has a lot more to worry about.
 
Just try to imagine some of the cool shit these kinds of coders could do if they put their considerably creative talents towards actually doing shit that's useful instead of malicious or some sick hack to steal data in this particular method someone has created.

I swear, it's getting tougher and tougher each day to see anything positive about humanity at large - I mean I know this isn't a major massive epic fucking level of fail or anything and it's not like this is going to destroy modern technology at its core but even so, geez, all that talent being wasted on such stupid irrelevant bullshit, it's insane. :(
Imagine the cool shit we could do with the nearly 200 billion dollars spent on advertising annually just in the US. Welcome to the world.
 