xLED: Covert data exfiltration from air-gapped networks via switch and router LEDs

Mordechai Guri, Boris Zadov, Andrey Daidakulov, Yuval Elovici

2018 16th Annual Conference on Privacy, Security and Trust (PST), 1-12, 2018

An air-gapped network is a type of IT network that is physically separated from the Internet because of the sensitive information it stores. Even if such a network is compromised with malware, the hermetic isolation from the Internet prevents an attacker from leaking any data out, thanks to the lack of connectivity. In this paper we show how attackers can covertly leak sensitive data from air-gapped networks via the row of status LEDs on networking equipment such as LAN switches and routers. Although it is known that some network equipment emanates optical signals correlated with the information being processed by the device (a 'side-channel'), malware controlling the status LEDs to carry arbitrary data (a 'covert-channel') has never been studied before. Sensitive data can be covertly encoded in the blinking of the LEDs and received by remote cameras and optical sensors. A malicious code is executed in a …