Any Network Router Can Covertly Leak Data
Any Network Router Can Covertly Leak Data
June 6, 2017
Homeland & Cyber Security, Press Releases
Researchers at the Ben-Gurion University of the Negev Cyber Security Research Center (CSRC) have demonstrated for the first time that it is possible to covertly siphon sensitive files, passwords or other critical data from any common router.
In the new paper, the researchers demonstrated how LEDs functionality can be silently overridden by malware they developed (code named “xLED”), which infects firmware in the device. Once the xLED malware infects the network device, it gains full control of the LEDs that flash to indicate status.
Dr. Mordechai Guri
Network devices such as routers and local area network switches typically include activity and status LEDs used to monitor traffic activity, alerts and provide status.
According to research leader Dr. Mordechai Guri, the head of research and development at the BGU CSRC, “sensitive data can be encoded and sent via the LED light pulses in various ways. An attacker with access to a remote or local camera, or with a light sensor hidden in the room, can record the LED’s activity and decode the signals.
“Unlike network traffic that is heavily monitored and controlled by firewalls, this covert channel is currently not monitored,” he adds. “As a result, it enables attackers to leak data while evading firewalls, air-gaps (computers not hooked up to the internet) and other data-leakage prevention methods.”
The xLED malware can program the LEDs to flash at very fast speeds – more than 1,000 flickers per second for each LED. Since a typical router or network switch includes six or more status LEDs, the transmission rate can be multiplied significantly to as much as thousands of bits per second. As a result, a significant amount of highly sensitive information can be encoded and leaked over the fast LED signals, which can be received and recorded by a remote camera or light sensor.
The BGU CSRC has a dedicated research program to uncover and demonstrate vulnerabilities of electronic devices. Over the past two years, they have successfully demonstrated how malware can siphon data from computer speakers, headphone jacks, hard drives, and computer fans, as well as 3D printers, smartphones, LED bulbs, and other IoT devices.
In addition to Dr. Guri, the other BGU researchers include Boris Zadov, who received his M.Sc. degree from the BGU Department of Electrical and Computer Engineering; Andrey Daidakulov, CSRC security researcher, and Prof. Yuval Elovici, director of the BGU Cyber Security Research Center. Prof. Elovici is also a member of BGU’s Department of Software and Information Systems Engineering and director of Deutsche Telekom Laboratories at BGU.
ABOUT AMERICANS FOR BEN-GURION UNIVERSITY
By supporting a world-class academic institution that not only nurtures the Negev, but also shares its expertise locally and globally, Americans for Ben-Gurion University engages a community of Americans who are committed to improving the world. David Ben-Gurion envisioned that Israel’s future would be forged in the Negev. The cutting-edge research carried out at Ben-Gurion University drives that vision by sustaining a desert Silicon Valley, with the “Stanford of the Negev” at its center. The Americans for Ben-Gurion University movement supports a 21st century unifying vision for Israel by rallying around BGU’s remarkable work and role as an apolitical beacon of light in the Negev desert.
About Ben-Gurion University of the Negev
Ben-Gurion University of the Negev embraces the endless potential we have as individuals and as a commonality to adapt and to thrive in changing environments. Inspired by our location in the desert, we aim to discover, to create, and to develop solutions to dynamic challenges, to pose questions that have yet to be asked, and to push beyond the boundaries of the commonly accepted and possible.
We are proud to be a central force for inclusion, diversity and innovation in Israel, and we strive to extend the Negev’s potential and our entrepreneurial spirit throughout the world. For example, the multi-disciplinary School for Sustainability and Climate Change at BGU leverages over 50 years of expertise on living and thriving in the desert into scalable solutions for people everywhere.
BGU at a glance:
20,000 students | 800 senior faculty | 3 campuses | 6 faculties: humanities & social sciences, health sciences, engineering sciences, natural sciences, business & management, and desert research.
For all press inquiries, please contact:
James Fattal, J Cubed Communications
516.289.1496
Stories Like This
