Ethernet LEDs Can Be Used to Exfiltrate Data From Air-Gapped Systems

A researcher from the Ben-Gurion University of the Negev in Israel has published a paper describing a method that can be used to silently exfiltrate data using the LEDs of various types of networked devices.

The new attack has been dubbed ETHERLED and relies on the LEDs attached to the integrated network interface controller (NIC) of devices such as PCs, servers, printers, network cameras, and embedded controllers.

The attacker needs to somehow manage to gain access to the targeted air-gapped device and plant a piece of malware that collects sensitive data and uses a covert channel to exfiltrate it to the attacker.

Researcher Mordechai Guri showed that an attacker could transmit sensitive information such as passwords, encryption keys and even text files.