Last updated July 10th 2017
We’ve all heard about hackers remotely activating webcams and microphones to spy on people without their knowing. NoCamels recently reported that simple headphones can spy on us, and even desktop scanners. Now, a new Israeli study reveals that a seemingly innocent network router can leak data from your computer or any other device connected to it.
In fact, the router itself can be hacked and manipulated to steal precious data from your computer.
Researchers at Israel’s Ben-Gurion University have demonstrated that it is possible to covertly siphon sensitive files, passwords or other critical data from any common router.
In their new paper, the researchers demonstrated how LEDs functionality (the flickering lights on the router) can be silently overridden by malware they developed (code named “xLED”), which infects firmware in the device. Once the xLED malware infects the network device, it gains full control of the LEDs that flash to indicate status.
Network devices such as routers and local area network switches typically include activity and status LEDs used to monitor traffic activity, alerts and provide status.
According to BGU’s Dr. Mordechai Guri, who led the study, “sensitive data can be encoded and sent via the LED light pulses in various ways. An attacker with access to a remote or local camera, or with a light sensor hidden in the room, can record the LED’s activity and decode the signals.”
Unlike network traffic that is heavily monitored and controlled by firewalls, this covert channel is currently not monitored. As a result, it enables attackers to leak data while evading firewalls, air-gaps (computers not hooked up to the internet) and other data-leakage prevention methods.
The xLED malware can program the LEDs to flash at very fast speeds – more than 1,000 flickers per second for each LED. Since a typical router or network switch includes six or more status LEDs, the transmission rate can be multiplied significantly to as much as thousands of bits per second. As a result, a significant amount of highly sensitive information can be encoded and leaked over the fast LED signals, which can be received and recorded by a remote camera or light sensor.
Over the past two years, BGU researchers have successfully demonstrated how malware can siphon data from computer speakers, headphone jacks, hard drives, and computer fans, as well as 3D printers, smartphones, LED bulbs, and other IoT devices.
In addition to Guri, other BGU researchers involved in the router research include Boris Zadov, Andrey Daidakulov and Prof. Yuval Elovici, director of the BGU Cyber Security Research Center.
Photos and video: Courtesy