Scientists have demonstrated that it is possible to secretly draw off sensitive files, passwords or other critical data from any common router. The researchers at the Ben-Gurion University of the Negev (BGU) in Israel explained how functionality light-emitting diodes (LEDs) can be quietly overridden by malware they developed (code named “xLED”), which infects firmware in the device.
Once if the malware infiltrates the network device, it takes over full control of the LEDs that are used to indicate status. Significantly, network devices such as routers and local area network switches typically include activity and status LEDs used to monitor traffic activity, alerts and provide status.
“Sensitive data can be encoded and sent via the LED light pulses in various ways,” said Mordechai Guri, head of research and development at the BGU Cyber Security Research Center (CSRC).”An attacker with access to a remote or local camera, or with a light sensor hidden in the room, can record the LED’s activity and decode the signals,” said Guri.
“Unlike network traffic that is heavily monitored and controlled by firewalls, this covert channel is currently not monitored,” said Guri.”As a result, it enables attackers to leak data while evading firewalls, air-gaps (computers not hooked up to the internet) and other data-leakage prevention methods,” he added.