June 7, 2017 by

xLED Malware Steals Secure Data Using Router LEDs

A newly discovered strain of malware, developed specifically for routers and network switches, can take over a compromised device’s LEDs and use them to transmit data in binary to a nearby attacker or recording camera.

A new report by Bleeping Computer puts the spotlight on xLED, an entirely bizarre but ingenious malware that steals data from secure networks before transmitting it by flashing the device’s LEDs.

The exploit was created by a team of cybersecurity researchers in Israel, making it the work of white-hat hackers.

Named xLED by the researchers who developed it, the malware is designed to intercept specific data passing through the router. From there, it breaks the data down into binary, with a lit LED representing a binary “1” and an unlit LED a binary “0”. The blinking would be visible to an attacker, whether a company insider or recording equipment such as CCTV cameras or camera-mounted drones.

The researchers claim that they tested a number of recording configurations, including optical sensors, smartphone cameras, wearable or hidden cameras, CCTV cameras and more. The best results were achieved with optical sensors, according to the researchers, because these can sample LED signals at high rates, allowing data to be exfiltrated at over 1000 bits/sec per LED. A typical modern router has at least 5 LEDs, which allows the exfiltration speed to increase significantly.

In a published research paper, researchers wrote:

Optical sensors are used to measure the light levels and can be sampled at very high rates, hence allowing reception of data at a higher bit rate than standard cameras.
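To make the sampling-rate point concrete when assessing which observers in line of sight could keep up with such a channel, here is an added example (not code from the article or the research paper) that models the on/off encoding described above and counts how many bits a receiver at a given sampling rate can see. The receiver rates, the midpoint sampling and the noise-free samples are modelling assumptions; the 1000 bits/sec figure is the per-LED rate quoted above.

```python
"""Idealised model of the on/off LED channel: which observers can keep up?"""

def to_bits(data: bytes) -> list:
    # MSB first; 1 = LED on, 0 = LED off (the mapping the article describes).
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def observe(bits, bit_rate, sample_rate):
    """Per-bit view of a receiver taking `sample_rate` samples per second.

    Entry i is the LED state seen during bit period i, or None when no sample
    fell inside that period. Samples are noise-free and taken at the midpoint
    of each sampling interval (both are modelling assumptions).
    """
    seen = [None] * len(bits)
    n_samples = len(bits) * sample_rate // bit_rate
    for k in range(n_samples):
        # Integer form of floor(t_k * bit_rate), t_k = (2k + 1) / (2 * sample_rate).
        idx = ((2 * k + 1) * bit_rate) // (2 * sample_rate)
        seen[idx] = bits[idx]
    return seen

def bits_recovered(data, bit_rate, sample_rate):
    """Number of transmitted bits for which the receiver got at least one sample."""
    return sum(s is not None for s in observe(to_bits(data), bit_rate, sample_rate))

def from_bits(seen):
    """Rebuild the bytes, or return None if any bit was missed."""
    if None in seen or len(seen) % 8:
        return None
    return bytes(int("".join(map(str, seen[i:i + 8])), 2)
                 for i in range(0, len(seen), 8))

if __name__ == "__main__":
    payload = bytes(range(125))   # constructed 1000-bit sample, not real data
    bit_rate = 1000               # per-LED rate quoted in the article
    # Receiver rates below are illustrative assumptions, not figures from the paper.
    for name, rate in [("30 fps camera", 30), ("240 fps camera", 240),
                       ("4 kHz optical sensor", 4000)]:
        got = bits_recovered(payload, bit_rate, rate)
        print(f"{name:22s} sees {got:4d} of {len(payload) * 8} bits")
```

In this model a receiver recovers every bit only when it samples at least once per bit period, which is why a high-rate optical sensor outperforms frame-based cameras at the quoted bit rate.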

A demonstration of the malware compromising a TP-Link router can be found below:

The biggest hurdle for the attacker would be installing the malware in the targeted router in the first place.

Image credit: Flickr.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
