Exfiltration of Data from Air-gapped Networks via Unmodulated LED Status Indicators

The light-emitting diode (LED) is widely used as an indicator on information devices. Early in 2002, Loughry et al. studied exfiltration via LED indicators and found that LEDs which are unmodulated and only indicate some state of the device can hardly be used to establish covert channels. In our paper, a novel approach is proposed to modulate this kind of LED. We use binary frequency shift keying (B-FSK) in place of on-off keying (OOK) for modulation. To verify its validity, we implement a prototype of an exfiltration malware. Our experiments show a great improvement in the imperceptibility of the covert communication. It is feasible to leak data covertly from air-gapped networks via unmodulated LED status indicators.

[1] Markus G. Kuhn, et al. Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations, 1998, Information Hiding.

[2] Michael Hanspach, et al. On Covert Acoustical Mesh Networks in Air, 2014, J. Commun.

[3] Sebastian Zander, et al. A survey of covert channels and countermeasures in computer network protocols, 2007, IEEE Communications Surveys & Tutorials.

[4] Mordechai Guri, et al. GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies, 2015, USENIX Security Symposium.

[5] Mordechai Guri, et al. Fansmitter: Acoustic Data Exfiltration from (Speakerless) Air-Gapped Computers, 2016, ArXiv.

[6] Mordechai Guri, et al. BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations, 2015, 2015 IEEE 28th Computer Security Foundations Symposium.

[7] Lothar Thiele, et al. On the capacity of thermal covert channels in multicores, 2016, EuroSys.

[8] Diego F. Aranha, et al. Platform-agnostic Low-intrusion Optical Data Exfiltration, 2017, ICISSP.

[9] David A. Umphress, et al. Information leakage from optical emanations, 2002, TSEC.

[10] Mordechai Guri, et al. Exfiltration of information from air-gapped machines using monitor's LED indicator, 2014, 2014 IEEE Joint Intelligence and Security Informatics Conference.

[11] Kim-Kwang Raymond Choo, et al. Bridging the Air Gap: Inaudible Data Exfiltration by Insiders, 2014, AMCIS.

[12] Mordechai Guri, et al. LED-it-GO: Leaking (A Lot of) Data from Air-Gapped Computers via the (Small) Hard Drive LED, 2017, DIMVA.

[13] Srdjan Capkun, et al. Thermal Covert Channels on Multi-core Platforms, 2015, USENIX Security Symposium.

[14] Ji Won Yoon, et al. Various Threat Models to Circumvent Air-Gapped Systems for Preventing Network Attack, 2015, WISA.

[15] Mordechai Guri, et al. Acoustic Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard-Drive Noise ('DiskFiltration'), 2017, ESORICS.

[16] Mordechai Guri, et al. USBee: Air-gap covert-channel via electromagnetic emission from USB, 2016, 2016 14th Annual Conference on Privacy, Security and Trust (PST).

[17] Mordechai Guri, et al. Bridging the Air-Gap by Manipulating the Environment Temperature, 2017.

[18] Butler W. Lampson, et al. A note on the confinement problem, 1973, CACM.

[19] Mordechai Guri, et al. xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs, 2017, ArXiv.

[20] Mordechai Guri, et al. AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies, 2014, 2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE).