ETHERLED - data exfiltration with network card LEDs

September 27, 2022

Dr. Mordechai Guri, a researcher from Ben-Gurion University in Israel, has recently presented an interesting and rather unusual way of exfiltrating data from systems physically separated from external networks (so-called air-gapped systems). The method is called ETHERLED, and it involves changing the firmware of an ordinary Ethernet network card so that its built-in signaling LEDs emit signals (data) in Morse code. A potential attacker then does not need physical access to the victim machine; all they need is a line of sight to the network card of the attacked computer.

Replacing the network card controller with specially prepared malware makes it possible to control the color and flashing frequency of the LEDs, and thus to ‘send’ coded information via ordinary light waves. A smartphone camera, a drone equipped with a camera, or a surveillance camera under the attacker's control are only examples of the equipment with which attackers can receive the data. During the tests conducted by Dr. Guri, it was possible to exfiltrate, among others, a 100-bit password, a 256-bit Bitcoin private key, a 64-bit PIN, and a 4096-bit RSA key.

ETHERLED can be applied not only to computer network cards, but also to other electronic devices with wired network interfaces, such as routers, printers, NAS devices, TV sets or IoT devices. Of course, a number of conditions must be met for the described attack to succeed, and it seems to belong rather to the theoretical realm, mostly because air-gapped systems are usually highly protected.

Source:
Bleeping Computer
Proof of Concept (PoC) of the method described
