Researchers disclose airgap defeating technique using Morse code from NIC LEDs

Jan

Network card LEDs can leak confidential data from secure devices using Morse code

Ben Gurion University’s head of cyber security research and development, Dr Mordechai Guri, has discovered a new technique that sends Morse code signals via the LEDs on network interface cards.

Attackers can use the technique, named ETHERLED, to leak data from air-gapped networked devices like PCs, printers, network cameras, embedded controllers, and servers.
 
This is nothing new though.. the same thing was done with the hard drive activity LED..
 
If it's air-gapped, how do you get the compromise installed?
Exactly. Kinda silly. If you have access to the air gap system, then there's probably vastly easier ways to get whatever data you need.

Then again this'd be useful as a long-term low-physical-risk method of spying on a system maybe?
 
Exactly. Kinda silly. If you have access to the air gap system, then there's probably vastly easier ways to get whatever data you need.

Then again this'd be useful as a long-term low-physical-risk method of spying on a system maybe?
More to the point if it has a card connected it's not really air-gapped in the first place.
 
Well unless you install a rather obvious device reading the Morse code from whatever light is sending out data, how are you going to read it from outside the building? And if you have easy access to the building and hardware, there are easier ways like others have said. Nifty party trick at a security con, but I see zero practical use/fear cases.
 
Airgapped would mean no networking…so that would be removed or disabled surely?
 
Airgapped would mean no networking…so that would be removed or disabled surely?
The internal secure network is air-gapped. But it's still a network. The point is that an external device that has LOS of the air-gapped NIC can read the LEDs using a webcam or whatever, provided that the air-gapped network itself has already been compromised by someone physically loading this Morse code malware.

It's weirdly specific. Like I said in another comment. If you were trying to spy on a system, to keep risk low, you can have someone install malware once on the air-gapped system and now you have a way to receive from that system physically through the LED Morse code without having to physically go inside the building and get the info from the system. ¯\_(ツ)_/¯
This is like James-Bond-level spying.

Well unless you install a rather obvious device reading the Morse code from whatever light is sending out data, how are you going to read it from outside the building? And if you have easy access to the building and hardware, there are easier ways like others have said. Nifty party trick at a security con, but I see zero practical use/fear cases.
A laptop with a webcam from a technician that just happens to be connected to WiFi and just happens to have LOS to the air-gapped NIC's LEDs. Or some dude with a spotting scope looking through a window at the LEDs.

Use your imagination!
 
The internal secure network is air-gapped. But it's still a network. The point is that an external device that has LOS of the air-gapped NIC can read the LEDs using a webcam or whatever, provided that the air-gapped network itself has already been compromised by someone physically loading this Morse code malware.

It's weirdly specific. Like I said in another comment. If you were trying to spy on a system, to keep risk low, you can have someone install malware once on the air-gapped system and now you have a way to receive from that system physically through the LED Morse code without having to physically go inside the building and get the info from the system. ¯\_(ツ)_/¯
This is like James-Bond-level spying.


A laptop with a webcam from a technician that just happens to be connected to WiFi and just happens to have LOS to the air-gapped NIC's LEDs. Or some dude with a spotting scope looking through a window at the LEDs.

Use your imagination!
If I had one shot at it I'd just install a device like a Pi in the back. If the network is in the same cabinet, I'd just swop out one of the cables going to an obscure location where I can easily set up hardware to my liking daily. Granted if it was properly gapped they'd employ a host of settings likely including whitelisting and and, so little tricky, but since I do have the password (if need it anyway to install the LED trick right?) that's a non issue.
 
Network card LEDs can leak confidential data from secure devices using Morse code

Ben Gurion University’s head of cyber security research and development, Dr Mordechai Guri, has discovered a new technique that sends Morse code signals via the LEDs on network interface cards.

Attackers can use the technique, named ETHERLED, to leak data from air-gapped networked devices like PCs, printers, network cameras, embedded controllers, and servers.
Have you heard of sight lines? This has been copyright blocked by the UK for many years now. No?
 