@inproceedings{a18108ec4b3e42dbbb9ce77822d2d8bc,
title = "ETHERLED: Sending Covert Morse Signals from Air-Gapped Devices via Network Card (NIC) LEDs",
abstract = "Highly secure devices are often isolated from the Internet or other public networks due to the confidential information they process. This level of isolation is referred to as an 'air-gap.'In this paper, we present a new technique named ETHERLED, allowing attackers to leak data from air-gapped networked devices such as PCs, printers, network cameras, embedded controllers, and servers. Networked devices have an integrated network interface controller (NIC) that includes status and activity indicator LEDs. We show that malware installed on the device can control the status LEDs by blinking and alternating colors, using documented methods or undocumented firmware commands. Information can be encoded via simple encoding such as Morse code and modulated over these optical signals. An attacker can intercept and decode these signals from tens to hundreds of meters away. We show an evaluation and discuss defensive and preventive countermeasures for this exfiltration attack.",
keywords = "Image color analysis, Surveillance, Light emitting diodes, Cameras , Malware, Encoding, Printers",
author = "Mordechai Guri",
note = "Publisher Copyright: {\textcopyright} 2022 IEEE.; 2nd IEEE International Conference on Cyber Security and Resilience, CSR 2022 ; Conference date: 27-07-2022 Through 29-07-2022",
year = "2022",
doi = "10.1109/CSR54599.2022.9850284",
language = "English",
series = "Proceedings of the 2022 IEEE International Conference on Cyber Security and Resilience, CSR 2022",
publisher = "Institute of Electrical and Electronics Engineers",
pages = "163--170",
booktitle = "Proceedings of the 2022 IEEE International Conference on Cyber Security and Resilience, CSR 2022",
address = "United States",
}