ETHERLED: Air-gapped systems leak data via network card LEDs
Security News, August 2022
Israeli researcher Mordechai Guri has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards.
These systems work in air-gapped networks and still use a network card.
The ETHERLED method can work with other peripherals or hardware that use LEDs as status or operational indicators, such as routers, network-attached storage devices, printers, scanners, and various other connected devices.
Compared to previously disclosed data exfiltration methods based on optical emanation that take control of LEDs in keyboards and modems, ETHERLED is a more covert approach and less likely to raise suspicion.
The malware can directly attack the driver for the network interface controller to change connectivity status or to modulate the LEDs required for generating the signals.
Depending on the attack method used, the time needed to leak secrets through ETHERLED ranges between 1 second and 1.5 minutes for passwords, 2.5 seconds to 4.2 minutes for private Bitcoin keys, and 42 seconds to an hour for 4096-bit RSA keys.
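For defenders, the connectivity-status variant described above is observable on the host, because every link change is logged. The following sketch is an added example, not code from the researcher or the original article: it scans kernel-log lines for interfaces whose link state toggles unusually often. The log format (modeled on Linux e1000e link messages), the sample lines, the window and the threshold are all assumptions.

```python
import re
from collections import defaultdict, deque

# Assumed format: "[  100.000000] e1000e 0000:00:1f.6 eth0: NIC Link is Down"
LINK_RE = re.compile(r"^\[\s*(\d+\.\d+)\].*?\b(\S+): (?:NIC )?Link is (Up|Down)")

def find_link_flapping(lines, window=10.0, threshold=6):
    """Return {iface: (window_start_ts, peak_count)} for interfaces whose link
    state changes at least `threshold` times within any `window` seconds."""
    recent = defaultdict(deque)  # iface -> timestamps of recent transitions
    last_state = {}
    alerts = {}
    for line in lines:
        m = LINK_RE.match(line)
        if not m:
            continue
        ts, iface, state = float(m.group(1)), m.group(2), m.group(3)
        if last_state.get(iface) == state:
            continue  # repeated message, not an actual transition
        last_state[iface] = state
        q = recent[iface]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop transitions that fell out of the window
        if len(q) >= threshold:
            first, peak = alerts.get(iface, (q[0], 0))
            alerts[iface] = (first, max(peak, len(q)))
    return alerts

# Constructed sample: eth1 is replugged once, eth0 toggles every 0.5 s.
SAMPLE_LOG = [
    "[   50.000000] e1000e 0000:00:19.0 eth1: NIC Link is Down",
    "[   53.200000] e1000e 0000:00:19.0 eth1: NIC Link is Up 1000 Mbps Full Duplex",
] + [
    "[  %10.6f] e1000e 0000:00:1f.6 eth0: NIC Link is %s"
    % (100 + 0.5 * i, "Down" if i % 2 == 0 else "Up 100 Mbps Full Duplex")
    for i in range(8)
]

if __name__ == "__main__":
    for iface, (start, count) in find_link_flapping(SAMPLE_LOG).items():
        print(f"{iface}: {count} link transitions within 10 s starting at t={start}")
```

This check covers only the variant that changes connectivity status; LED modulation that leaves the link state untouched does not produce these log entries.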