New attack allows data exfiltration through NIC LEDs

According to BleepingComputer, threat actors could leverage a new attack technique involving the use of network card LED indicators to facilitate data exfiltration from isolated systems used in critical infrastructure organizations or units. arms control. Network-attached storage devices, routers, scanners, printers and other hardware or peripherals could also be compromised by the new attack method dubbed “ETHERLED”, which converts blinking LEDs into decipherable Morse code signals, said Israeli researcher Mordechai Guri. Computers targeted by ETHERLED are installed with malware that contains modified network card firmware that controls certain LED attributes, with the malware then compromising the network interface controller drive for connectivity state changes or modulation LEDs. Additionally, hardware functionality could be leveraged to alter network connection speeds and Ethernet interface operation. Data exfiltration using single-status LEDs resulted in generation of Morse code dots and dashes lasting 100ms to 300ms, but using the driver/firmware approach could multiply by ten the bit rate of Morse code, noted Guri. Passwords could be leaked using ETHERLED from 1 second to 1.5 minutes, while Bitcoin private keys and 4096-bit RSA keys could be exposed from 2.5 seconds to 4.2 minutes and from 42 seconds to 1 hour, respectively.

Comments are closed.