
Malware Uses Router LEDs to Steal Data From Secure Networks - arnon
https://www.bleepingcomputer.com/news/security/malware-uses-router-leds-to-steal-data-from-secure-networks/
======
chris_overseas
This technique is sometimes used when reverse engineering. For example, if you
can find a way to run code on a device and control an LED on it, it can then
be possible to dump the device's firmware through flashing the LED.

This is exactly how the CHDK project[1] managed to obtain firmware dumps[2] of
various Canon cameras when they were first being reverse-engineered. I used
the same technique myself when I soft-bricked my camera and needed to see the
camera's internal log messages to understand where the problem was. I
redirected the log out to the LED, recorded it using a photodiode and my PC
soundcard input, then reconstructed the logfile from the soundwave that was
recorded. To my surprise and pleasure, it worked first time and gave some of
the clues needed to eventually revive the camera.

[1] [http://chdk.wikia.com/wiki/CHDK](http://chdk.wikia.com/wiki/CHDK)

[2] [http://chdk.wikia.com/wiki/Obtaining_a_firmware_dump](http://chdk.wikia.com/wiki/Obtaining_a_firmware_dump)
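
The capture-and-reconstruct step described in the comment above, as an added example (not the commenter's code and not CHDK's). It assumes on/off keying with a start bit, eight data bits LSB first and a dark stop period, a fixed number of samples per bit, and a DC-coupled trace; all names and the sample trace are constructed for illustration.

```python
import random

SAMPLES_PER_BIT = 8   # assumed ratio of capture rate to LED bit rate
MIN_SWING = 0.3       # assumed minimum dark-to-lit difference to call it a signal


def encode(data: bytes, seed: int = 1) -> list[float]:
    """Build a constructed photodiode trace (not a real capture)."""
    rng = random.Random(seed)
    bits = [0] * 5                                    # LED dark before first frame
    for byte in data:
        bits.append(1)                                # start bit: LED on
        bits += [(byte >> i) & 1 for i in range(8)]   # data bits, LSB first
        bits += [0, 0]                                # stop period: LED off
    # ambient light 0.2, LED adds 0.6, sensor noise of +/-0.1 on every sample
    return [0.2 + 0.6 * b + rng.uniform(-0.1, 0.1)
            for b in bits for _ in range(SAMPLES_PER_BIT)]


def decode(trace: list[float]) -> bytes:
    """Recover bytes by thresholding, then resyncing on every start edge."""
    if not trace or max(trace) - min(trace) < MIN_SWING:
        return b""                                    # no LED activity in capture
    threshold = (max(trace) + min(trace)) / 2         # midway between dark and lit
    levels = [1 if s > threshold else 0 for s in trace]
    out = bytearray()
    i = 0
    while i < len(levels):
        if levels[i] == 0:                            # dark: keep hunting for a start edge
            i += 1
            continue
        first = i + SAMPLES_PER_BIT + SAMPLES_PER_BIT // 2   # centre of data bit 0
        if first + 7 * SAMPLES_PER_BIT >= len(levels):
            break                                     # frame cut off by end of capture
        byte = 0
        for n in range(8):
            byte |= levels[first + n * SAMPLES_PER_BIT] << n
        out.append(byte)
        i = first + 8 * SAMPLES_PER_BIT               # inside the stop period
    return bytes(out)


if __name__ == "__main__":
    print(decode(encode(b"boot: assert failed\n")))
```

Resynchronising on each start edge means a small mismatch between the LED bit rate and the capture rate only has to stay within half a bit over one frame, not over the whole recording.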

------
j_s
_Computer keyboards have LEDs on them that are essentially kind of useless:
one to tell you when NUM LOCK is on, one for CAPS LOCK, and a third one whose
purpose Randy can't even remember. And for no reason other than the general
belief that every aspect of a computer should be under the control of hackers,
someone, somewhere, wrote some library routines called XLEDS that make it
possible for programmers to turn these things on and off at will. And for a
month, Randy's been writing a little program that makes use of these routines
to output the contents of a text file in Morse code, by flashing one of those
LEDs. And while all kinds of useless crap has been scrolling across the screen
of his computer as camouflage, Randy's been hunched over gazing into the
subliminal channel of that blinking LED, reading the contents of the decrypted
Arethusa intercepts._

-- Neal Stephenson's
[http://www.cryptonomicon.com/text.html](http://www.cryptonomicon.com/text.html)
(2009, as what's left of its custom website shows!). $9 Kindle edition:
[https://amzn.com/dp/B000FC11A6](https://amzn.com/dp/B000FC11A6)

Apparently he has a new novel out next week.

~~~
knodi123
> Apparently he has a new novel out next week.

A time-travel adventure involving a scientist trying to resurrect the power of
magic! Wow. I had no idea this was coming, thanks for the heads up!

------
t0mek
Google's security expert Michał Zalewski (lcamtuf) explored this subject in
his book "Silence on the Wire" (2005). He even described how to build a simple
device to read these LEDs.

It's a great piece of writing (much like the whole book). The chapter is
available for free:

[https://www.nostarch.com/download/silence_ch05.pdf](https://www.nostarch.com/download/silence_ch05.pdf)

------
davidsong
There was [earlier work](http://www.applied-math.org/optical_tempest.pdf) on
pulling Ethernet data from the LEDs of a 100MBps switch, as they were
hard-wired to the cable.

There was also a paper from around the same time about a keyboard hack that
flashes the caps lock key imperceptibly fast but brightly enough so that a
remote watcher can see the encoded keystrokes on your curtains or ceiling, but
I can't seem to find that one.

~~~
zkms
> a keyboard hack that flashes the caps lock key imperceptibly fast but
> brightly enough so that a remote watcher can see the encoded keystrokes on
> your curtains or ceiling,

it's in that same paper you linked, page 20.

Now the _real_ beautiful result is the one where Kuhn deconvolves the
_diffuse_ light output (not an image, the _total_ instantaneous light output,
as would be collected by a fast photomultiplier tube or a photodiode) of a CRT
with the impulse response of the phosphor -- to obtain the original image!
[https://www.cl.cam.ac.uk/~mgk25/ieee02-optical.pdf](https://www.cl.cam.ac.uk/~mgk25/ieee02-optical.pdf)

------
zkms
I don't see what's the huge (besides higher data rates and a different
modulation waveform) difference between that 2017 paper and this 2002 one:
[http://applied-math.org/optical_tempest.pdf](http://applied-math.org/optical_tempest.pdf)

Did we really need another "LEDs connected to serial lines / GPIOs can be made
to blink arbitrarily and a camera/photodiode that looks at them can decode
data" paper?

------
pawadu
Saving you a click: if you have malware already installed and a camera nearby,
you can use the LEDs to transmit data to outside.

------
jlg23
Clickbait. "an attacker with visual access to the LEDs and either control of
or knowledge about exact on/off meanings could steal data".

Otherwise, when lore comes up again and again as "new", you realize that you
are not the youngest... from the jargon file[1]:

    
    
    :blinkenlights: /blink'@n·li:tz/, n.

    [common] Front-panel diagnostic lights on a computer, esp. a
    {dinosaur}. Now that dinosaurs are rare, this term usually refers to
    status lights on a modem, network hub, or the like.

[1] [http://jargon-file.org/archive/jargon-4.4.7.dos.txt](http://jargon-file.org/archive/jargon-4.4.7.dos.txt)

