UPDATED 23:11 EDT / JUNE 18 2017

Research shows how router LED lights can be used to steal data

Researchers have found a way to steal data from any router in the most unlikely of ways: observing the LED lights on the front of the router.

The paper from Israel’s Ben-Gurion University of the Negev describes how the LED functionality can be silently overridden by “xLED,” malware the researchers developed to infect the device’s firmware. Once the xLED malware is installed on the router or switch, it gains full control of the LEDs and uses them to flash data being shared through the device. A camera or light sensor hidden in the room can then record the LEDs’ activity, and the recorded signals can be decoded to recover the data.

“Unlike network traffic that is heavily monitored and controlled by firewalls, this covert channel is currently not monitored,” the paper notes. “As a result, it enables attackers to leak data while evading firewalls, air-gaps [computers not hooked up to the Internet] and other data-leakage prevention methods.”

The xLED malware can program each of the router’s LEDs to flicker as many as 1,000 times per second. With a typical router or switch having six or more status LEDs, thousands of bits per second can be encoded and shared by this method.

“We show that the bandwidth can be increased further when multiple LEDs are used,” the paper added. “This rate allows the exfiltration of files, keylogging data, and encryption keys relatively quickly.”

Although the method can be best described as a novel way of accessing data from a router, the research team has also previously shown methods that include how malware can obtain data from computer speakers, headphone jacks, hard drives (not directly but from the way they sound) and computer fans. For a determined hacker looking for a non-traditional way of stealing data, light and sound are tools that can be used for their nefarious activities with a much lower chance of being detected than traditional malware attacks.

Image: 111177499@N03/Flickr
