"Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs"

A security researcher with a long track record of demonstrating novel methods for exfiltrating data from air-gapped systems has devised another one: sending Morse code signals via the LEDs on Network Interface Cards (NICs). Dr. Mordechai Guri, the head of R&D at the Cybersecurity Research Center at Ben-Gurion University of the Negev, developed the ETHERLED approach after recently describing GAIROSCOPE, a method for transmitting data ultrasonically to smartphone gyroscopes. According to Dr. Guri, malware installed on the device could programmatically control the status LED by blinking it or alternating its colors, using documented or undocumented firmware commands. Information can be encoded with a simple scheme such as Morse code and modulated over these optical signals, which an attacker can intercept and decode from tens to hundreds of meters away.

A NIC, also known as a network interface controller or network adapter, is a hardware component that connects a computer to a computer network. LEDs built into the network connector tell the user when the network is connected and when there is data activity.

ETHERLED, like other adversarial approaches against air-gapped systems, requires an intruder to breach the target environment and plant malicious code that allows the NIC LEDs to be controlled. The attack then moves on to the data collection and exfiltration phase, in which sensitive information such as credentials and biometrics is encoded and transmitted over a covert optical channel using the network card's status LED indicators. Finally, the optical signals are received by a hidden camera placed in a location with a direct line of sight to the compromised transmitting computer. The camera could also be a surveillance camera vulnerable to remote exploitation or a smartphone, in a scenario involving a rogue insider.
This article continues to discuss the demonstrated ETHERLED approach to exfiltrating data from an air-gapped system.

THN reports "Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs"

Submitted by Anonymous on