LED-it-GO: Leaking (a lot of) Data from Air-Gapped Computers via the (small) Hard Drive LED

Mordechai Guri, Boris Zadov, Yuval Elovici

Detection of Intrusions and Malware, and Vulnerability Assessment: 14th …, 2017

In this paper we present a method that allows attackers to covertly leak data from isolated, air-gapped computers. Our method utilizes the hard disk drive (HDD) activity LED which exists in most of today’s desktop PCs, laptops, and servers. We show that a malware can indirectly control the HDD LED, turning it on and off rapidly (up to 5800 blinks per second) – a rate that exceeds the visual perception capabilities of humans. Sensitive information can be encoded and leaked over the LED signals, which can then be received remotely by different kinds of cameras and light sensors (Demonstration video: https://www.youtube.com/watch?v=4vIu8ld68fc ). Compared to other LED methods, our method is unique, because it is also covert; the HDD activity LED routinely flickers frequently, and therefore the user may not be suspicious of changes in its activity. We discuss attack …