Read Time:1 Minute, 33 Second
Be careful with what you send; air-gapped devices can send covert Morse signals via network card LEDs. These signals are encoded in sound waves, light, or pushing buttons on the device used for covert communication.
In a recent study, Dr Mordechai Guri, a senior lecturer at Ben-Gurion University of Negev’s Department of Software and Information Systems Engineering, came up with a new technique to transmit Morse code signals through LEDs on network interface cards (NICs). He then codenamed this approach as ETHERLED.
“Information can be encoded via simple encoding such as Morse code and modulated over these optical signals. An attacker can intercept and decode these signals from tens to hundreds of meters away.” Dr Guri said.
Guri’s latest proof-of-concept attack focuses on network cards with a multi-coloured LED that blinks when there’s data traffic. An attacker can manipulate the LED to blink at a rate invisible to the human eye but can be picked up by a camera and translated into Morse code.
Air-gapped devices are often used in sensitive environments where physical access to the system is not possible or desirable.
To pull off the attack, the ransomware attacker would first need to install malware on an air-gapped system connected to a network with other devices. The malware would then manipulate the state of the NIC’s LEDs to encode and transmit data as Morse code signals.
While the range of this approach is relatively limited, it could still be useful for attackers who have already gained access to a target air-gapped system and can even look for more ways to exfiltrate data from it.
In line with this, individuals or organisations operating such systems should be aware of the risks and take steps to prevent undesirable attacks as air-gapped systems continue becoming more common in today’s digital world.
Happy
0 %
Sad
0 %
Excited
0 %
Sleepy
0 %
Angry
0 %
Surprise
0 %
0
0
