ETHERLED: Sending Covert Morse Signals from Air-Gapped Devices via Network Card (NIC) LEDs

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Highly secure devices are often isolated from the Internet or other public networks due to the confidential information they process. This level of isolation is referred to as an 'air-gap.'In this paper, we present a new technique named ETHERLED, allowing attackers to leak data from air-gapped networked devices such as PCs, printers, network cameras, embedded controllers, and servers. Networked devices have an integrated network interface controller (NIC) that includes status and activity indicator LEDs. We show that malware installed on the device can control the status LEDs by blinking and alternating colors, using documented methods or undocumented firmware commands. Information can be encoded via simple encoding such as Morse code and modulated over these optical signals. An attacker can intercept and decode these signals from tens to hundreds of meters away. We show an evaluation and discuss defensive and preventive countermeasures for this exfiltration attack.

Original languageEnglish
Title of host publicationProceedings of the 2022 IEEE International Conference on Cyber Security and Resilience, CSR 2022
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages163-170
Number of pages8
ISBN (Electronic)9781665499521
DOIs
StatePublished - 2022
Event2nd IEEE International Conference on Cyber Security and Resilience, CSR 2022 - Virtual, Online, Greece
Duration: 27 Jul 202229 Jul 2022

Publication series

NameProceedings of the 2022 IEEE International Conference on Cyber Security and Resilience, CSR 2022

Conference

Conference2nd IEEE International Conference on Cyber Security and Resilience, CSR 2022
Country/TerritoryGreece
CityVirtual, Online
Period27/07/2229/07/22

Keywords

  • Image color analysis
  • Surveillance
  • Light emitting diodes
  • Cameras , Malware
  • Encoding
  • Printers

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'ETHERLED: Sending Covert Morse Signals from Air-Gapped Devices via Network Card (NIC) LEDs'. Together they form a unique fingerprint.

Cite this