Researchers have discovered a method that could be used by hackers to leak sensitive data stored on an individual computer by manipulating the machine’s LED light.
The researchers found that by using malware to control the hard drive LED, sensitive information could be encoded and transmitted to a camera or sensor, where it could be recorded and decoded at leisure. The method was found to be effective for hacking air-gapped computers, which, due to their physical and practical isolation, are often considered to be secure (though imperfect) data repositories.
Isolating a specific machine physically and logically from unsecured networks, including public networks and the internet, is considered a next-level security measure. While not perfectly secure, air-gapped computers are often used for highly classified information and for systems such as military defense systems, critical infrastructure, and financial computer systems such as stock exchanges.
Using malware to control the blinking of the hard drive LED, the team was able to transfer data including passwords, encryption keys, and entire files, at a rate of 2MB/hour.
The method used malware to turn the LED off and on at a rate of up to 5800 blinks per second. Well beyond the capability of human perception, this rapid blinking appears to the human eye as a flicker, mimicking the everyday flickering of the hard drive’s LED. However, using malware to control a hard drive’s ‘read’ and ‘write’ functions creates controlled LED flickering. Information from the computer can then be transmitted in a Morse-code-like message, which, while too fast to see, can be recorded and later decoded by malicious parties.
Using a drone, the researchers demonstrated how an air-gapped computer could be located and the malware-controlled flickering recorded to exfiltrate sensitive data.
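The difference between everyday flickering and the controlled flickering described above can be checked from the defender's side. The following is an added example, not code from the researchers: it takes a light-sensor trace of the LED and tests whether the on and off durations fall on a fixed symbol clock. It assumes the trace is already thresholded to 0/1 samples; the function names, the 10% tolerance, the 0.9 threshold and the sample traces are all constructed for illustration.

```python
import random

MIN_UNIT = 4  # assumed: at least 4 samples per symbol are needed to judge timing

def run_lengths(samples):
    """Lengths of consecutive equal values in a thresholded 0/1 LED trace."""
    runs, count = [], 1
    for prev, cur in zip(samples, samples[1:]):
        if cur == prev:
            count += 1
        else:
            runs.append(count)
            count = 1
    runs.append(count)
    return runs

def quantization_score(runs, unit):
    """Fraction of runs within 10% of a whole multiple of `unit` samples."""
    hits = sum(abs(r - max(1, round(r / unit)) * unit) <= 0.1 * unit for r in runs)
    return hits / len(runs)

def best_clock(samples):
    """Return (unit, score) for the symbol period that best explains the trace."""
    runs = run_lengths(samples)[1:-1]  # edge runs are cut off by the capture window
    if len(runs) < 32:  # too few transitions to say anything
        return None, 0.0
    candidates = range(MIN_UNIT, max(runs) + 1)
    return max(((u, quantization_score(runs, u)) for u in candidates),
               key=lambda pair: pair[1])

def looks_keyed(samples, threshold=0.9):
    """True when nearly every on/off duration sits on one fixed clock."""
    return best_clock(samples)[1] >= threshold

def trace_from_runs(runs):
    """Expand run lengths into an alternating 0/1 sample trace."""
    out, level = [], 0
    for r in runs:
        out.extend([level] * r)
        level ^= 1
    return out

# Constructed sample data, not captured from real hardware.
rng = random.Random(7)
# Ordinary disk activity: irregular on/off durations.
ORDINARY = trace_from_runs([rng.randint(3, 60) for _ in range(200)])
# Clocked blinking: durations are multiples of 10 samples, with +/-1 sample jitter.
CLOCKED = trace_from_runs(
    [10 * rng.randint(1, 4) + rng.choice((-1, 0, 1)) for _ in range(200)])
```

On the constructed traces, `best_clock(CLOCKED)` recovers the 10-sample symbol period, while no candidate period explains more than a minority of the durations in `ORDINARY`.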