It is possible for any common network router to secretly leak sensitive information such as employee passwords or company data, according to recent research from experts at Ben-Gurion University of the Negev (BGU) Cyber Security Research Center (CSRC).

In a research paper published by the university, researchers explained how they used the LED light on a network router to covertly send data. Using a proprietary form of malware, the team was able to override the router and control the LED that is traditionally used to convey the status of the device, a BGU press release said.


The LEDs on these devices are typically used to alert the user to activity or power status, but they are often ignored by end users. BGU’s malware, called xLED, injects a foreign firmware into the router, the report said. That firmware gives the attacker control over the LED, which can then be flashed in a pattern to send information.

“Sensitive data can be encoded and sent via the LED light pulses in various ways,” said Mordechai Guri, the head of research and development at the BGU CSRC, in the release. “An attacker with access to a remote or local camera, or with a light sensor hidden in the room, can record the LED’s activity and decode the signals.”

In a video demonstration provided by BGU, researchers exfiltrate data on a TP-Link router. According to the paper abstract, data can be leaked at rates of 10 bit/sec to more than 1 Kbit/sec per LED.

At a more general level, BGU’s xLED malware can make the router LEDs flash at more than 1,000 flickers per second for each light. This gets multiplied by the number of LEDs available on the router, leading to significant amounts of data leakage, the release said.

The issue presented here is that the physical channel of the LEDs typically isn’t monitored as heavily as, for example, network data, Guri said in the release. Using this method, hackers can circumvent firewalls and other methods to get the data out, the release said.

In a similar experiment, BGU researchers used a drone to steal data from an air-gapped computer by watching the hard drive light on a machine that had also been hacked to exfiltrate data.

The 3 big takeaways for TechRepublic readers

  1. BGU CSRC researchers used a form of malware to hack a network router and exfiltrate data through the blinking LEDs on the device itself.
  2. In a video provided by researchers, they explained that the data can be stolen at a rate of up to 1 Kbit/sec per LED.
  3. The BGU researchers have also stolen data from the LEDs on an air-gapped computer, using a drone to video the machine from afar.