As with all the online attack vectors that won’t stop evolving, the benefits of the possible measures to target airgapped systems are continously making a handful of smart people coming up with fresh new ways to get the data – of others.
The phenomenon of collecting unintentionally radiated signals associated with comms equipment is a rather well-established discipline, dating back to almost a century. This is what the official lingo calls the TEMPEST measures.
Now a handful of Israeli researchers demonstrated that voice-generating equipment that are having a power LED installed would leak comms trough the minute fluctuations of the power indicator LED lights.
The researchers analyzed a number of commercial prpducts, like speakers and USB hubs and concluded that not only theoratically but practically it is possible to eavesdrop on these by recording the LED strobe.
While obviously it needs a recording device somewhere close by, it opens yet another attack vector, probably even a cirscumstantial one, like hacking the CCTVs installed in the target workspace.
In the current landscape the most widespread non-imvasive technique is the laser microphone aimed at the window panes of the target’s room, but – according to the scientists – this attack vector needs even less specialized equipment, only a photodiode attached to an optical telescope.
“The flickering of power LED output due to changes in voltage – as the speakers consume electrical current – are then could be converted into an electrical signal by the photodiode. And afterwards the electrical signal can then be run through a simple Analog/Digital Converter (ADC) and played back directly.” – according to the inventors.
While this technique is novel, toying with LEDs are not. There are already a lot of fun is being done with LEDs that can convey – for example – what is going on within a CPU or a RAM memory module, which is the exact same spot where all data is present without any encryption.
So, the bottom line is as usual: there is no such thing as encryption or a secret as such, as long as it is not a one-time cipher, period.
Question is, however, when will it be uderstood…?
Be the first to comment on "GLOWWORM: Yet Another Attack Vector Against Airgapped Systems"