25,985 research outputs found
xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs
In this paper we show how attackers can covertly leak data (e.g., encryption
keys, passwords and files) from highly secure or air-gapped networks via the
row of status LEDs that exists in networking equipment such as LAN switches and
routers. Although it is known that some network equipment emanates optical
signals correlated with the information being processed by the device
('side-channel'), intentionally controlling the status LEDs to carry any type
of data ('covert-channel') has never studied before. A malicious code is
executed on the LAN switch or router, allowing full control of the status LEDs.
Sensitive data can be encoded and modulated over the blinking of the LEDs. The
generated signals can then be recorded by various types of remote cameras and
optical sensors. We provide the technical background on the internal
architecture of switches and routers (at both the hardware and software level)
which enables this type of attack. We also present amplitude and frequency
based modulation and encoding schemas, along with a simple transmission
protocol. We implement a prototype of an exfiltration malware and discuss its
design and implementation. We evaluate this method with a few routers and
different types of LEDs. In addition, we tested various receivers including
remote cameras, security cameras, smartphone cameras, and optical sensors, and
also discuss different detection and prevention countermeasures. Our experiment
shows that sensitive data can be covertly leaked via the status LEDs of
switches and routers at a bit rates of 10 bit/sec to more than 1Kbit/sec per
LED
Recommended from our members
The effects of speed cameras: How drivers respond
This study set out to examine the effects and effectiveness of various strategies related to the deployment of speed cameras, and to explore how different types of driver responded to cameras
and perceived their operation. Recommendations for best deployment were to be considered. It
was carried out between 1993 and 1996 after the Road Traffic Act 1991 authorised the use of
automatic speed devices for the detection of offences. A series of 12 surveys arranged in five sets
and having some cross-sectional and some longitudinal elements was undertaken together with
some depth interviews, and self-report measures predominated. Five police forces helped to set up
the research. In total 6879 drivers took part. The particular interventions focused upon comprised
camera signing alone; two kinds of publicity campaign linked with speed camera deployment;
prosecution following detection by speed camera; and the effects of cameras when first installed
and over time.The Department of Environment, Transport and the Regions
- …