Optical covert channel from air-gapped networks via remote orchestration of router/switch LEDs

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

Abstract

Air-gapped networks are separated from the Internet due to the sensitive information they store. It has been shown that attackers can use the status LEDs of routers and switches to exfiltrate data optically. However, the current methods require the compromise of the network device (e.g., router) by infecting its firmware. In this paper we show how attackers can covertly leak sensitive data from air-gapped networks via the row of status LEDs on non-compromised networking equipment such as LAN switches and routers. We introduce a new type of attack, called a host-level attack, in which malicious code running on a host connected to the network can indirectly control the LEDs, without requiring code execution within the LAN switch or router. We present a version of the host-level attack that doesn't require special privileges (e.g., root or admin) and is also effective when running from within a Virtual Machine (VM), despite the network isolation. We provide the technical background and implementation details and discuss a set of preventive countermeasures.

Original language: American English
Title of host publication: Proceedings - 2018 European Intelligence and Security Informatics Conference, EISIC 2018
Editors: Joel Brynielsson
Pages: 54-60
Number of pages: 7
ISBN (Electronic): 9781538694008
DOIs
State: Published - 1 Oct 2018
Event: 8th European Intelligence and Security Informatics Conference, EISIC 2018 - Karlskrona, Sweden
Duration: 24 Oct 2018 → 25 Oct 2018

Publication series

Name: Proceedings - 2018 European Intelligence and Security Informatics Conference, EISIC 2018

Conference

Conference: 8th European Intelligence and Security Informatics Conference, EISIC 2018
Country/Territory: Sweden
City: Karlskrona
Period: 24/10/18 → 25/10/18

Keywords

  • air-gap
  • covert channel
  • exfiltration
  • network
  • optical

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Law
  • Information Systems
