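% Guri (EISIC 2018): optical exfiltration from air-gapped networks through the
% status LEDs of switches and routers. Per the abstract, the host-level variant
% is driven from a host on the LAN, needs no firmware compromise of the network
% device and no root/admin rights, and also works from inside a VM; the paper
% also discusses preventive countermeasures.
% Entry notes: doi is stored bare (no resolver prefix); the acronym in the title
% is brace-protected against style recasing; the exported series field only
% repeated booktitle and is not carried, so the venue is not printed twice.
@inproceedings{b0b6410112cd4896af27b111eaeb9cff,
  author    = {Guri, Mordechai},
  title     = {Optical covert channel from air-gapped networks via remote orchestration of router/switch {LEDs}},
  editor    = {Brynielsson, Joel},
  booktitle = {Proceedings - 2018 European Intelligence and Security Informatics Conference, EISIC 2018},
  pages     = {54--60},
  year      = {2018},
  month     = oct,
  day       = {1},
  doi       = {10.1109/EISIC.2018.00016},
  language  = {American English},
  keywords  = {air-gap, covert channel, exfiltration, network, optical},
  note      = {Publisher Copyright: {\textcopyright} 2018 IEEE.; 8th European Intelligence and Security Informatics Conference, EISIC 2018 ; Conference date: 24-10-2018 Through 25-10-2018},
  abstract  = {Air-gapped networks are separated from the Internet due to the sensitive information they stores. It is shown that attackers can use the status LEDs of routers and switches to exfiltrate data optically. However, the current methods require the compromise of the network device (e.g., router) by infecting its firmware. In this paper we show how attackers can covertly leak sensitive data from air-gapped networks via the row of status LEDs on non-compromised networking equipment such as LAN switches and routers. We introduce new types of attack called host-level attack, in which a malicious code run in a host connected to the network can indirectly control the LEDs, without requiring a code execution within the LAN switch or router. We present a version of the host-level attack that doesn't require special privileges (e.g., root or admin) and is also effective when running from within a Virtual Machine (VM), despite the network isolation. We provide the technical background and implementation details and discuss set of preventive countermeasures.},
}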