June 7, 2017

xLED Malware Steals Secure Data Using Router LEDs

A newly discovered malware developed specifically for routers and network switches can take over a compromised device’s LEDs and use them to transmit data in binary to a nearby attacker or recording camera.

A new report by Bleeping Computer puts the spotlight on xLED, an entirely bizarre but ingenious malware that steals data from secure networks before transmitting it by flashing the device’s LEDs.

The exploit was created by a team of cybersecurity researchers in Israel, making it the work of white-hat hackers.

Named xLED by the researchers who developed it, the malware is tasked with intercepting specific data passing through the router. From there, the malware breaks the data down into its binary form, with a lit LED representing a binary “1” and an unlit LED representing a binary “0”. The flashing would be visible to an attacker, whether a company insider or recording equipment such as CCTV cameras or camera-mounted drones.

The researchers claim that they tested a number of recording configurations, including optical sensors, smartphone cameras, wearable or hidden cameras, CCTV cameras and more. The best results were achieved with optical sensors, according to the researchers. This is because they are particularly capable of sampling LED signals at high frame-capture rates, allowing data to be exfiltrated at a rate of over 1000 bits/sec for every LED. A typical modern router has at least 5 LEDs, which significantly increases the speed at which data can be exfiltrated.

In a published research paper, researchers wrote:

Optical sensors are used to measure the light levels and can be sampled at very high rates, hence allowing reception of data at a higher bit rate than standard cameras.
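The following simulation is an added example, not code from the researchers or the original article. It models the on/off LED channel described above to show why a receiver's sample rate decides whether it can read the signal, which is the figure a defender needs when judging which cameras or sensors with line of sight to network gear matter. The 60 samples/sec camera, the 4000 samples/sec sensor and the sample payload are assumptions; the 1000 bits/sec and 5 LEDs come from the article.

```python
# Added illustration: pure simulation of an ideal, noise-free on/off light
# channel. No device is touched; all names and values are constructed.

SAMPLE = b"CONSTRUCTED-SAMPLE-" * 4  # constructed payload, not real data

def to_bits(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(b >> s) & 1 for b in data for s in range(7, -1, -1)]

def stripe(bits, leds):
    """Split one bit stream round-robin across `leds` parallel LEDs."""
    return [bits[i::leds] for i in range(leds)]

def sample_channel(chan, bit_rate, sample_rate):
    """Levels a receiver records for one LED (1 = lit, 0 = dark).
    Integer arithmetic maps sample k to the bit being shown at that instant."""
    n = len(chan) * sample_rate // bit_rate
    return [chan[k * bit_rate // sample_rate] for k in range(n)]

def recover_channel(samples, n_bits, bit_rate, sample_rate):
    """Read the sample nearest the middle of each bit period.
    None marks a bit for which the receiver captured no sample."""
    out = []
    for i in range(n_bits):
        k = (2 * i + 1) * sample_rate // (2 * bit_rate)
        out.append(samples[k] if k < len(samples) else None)
    return out

def bit_errors(data, leds, bit_rate, sample_rate):
    """Count bits the receiver gets wrong or misses across all LEDs."""
    errors = 0
    for chan in stripe(to_bits(data), leds):
        seen = sample_channel(chan, bit_rate, sample_rate)
        got = recover_channel(seen, len(chan), bit_rate, sample_rate)
        errors += sum(1 for sent, rx in zip(chan, got) if sent != rx)
    return errors

def transfer_seconds(n_bytes, leds, bit_rate):
    """Time to signal n_bytes when every LED carries bit_rate bits/sec."""
    return n_bytes * 8 / (leds * bit_rate)

if __name__ == "__main__":
    for name, rate in (("optical sensor (assumed 4000/s)", 4000),
                       ("video camera (assumed 60/s)", 60)):
        print(name, "bit errors:", bit_errors(SAMPLE, 5, 1000, rate))
    print("seconds for payload:", transfer_seconds(len(SAMPLE), 5, 1000))
```

In this idealized model the fast sensor recovers every bit while the slow camera misses or misreads bits at the same LED rate, so a slower receiver only works if the LEDs are driven proportionally slower.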

A demonstration of the malware compromising a TP-Link router can be found below:

The biggest hurdle for the attacker would be installing the malware in the targeted router in the first place.

Image credit: Flickr.

About the author


LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
