SoylentNews is people

posted by on Friday February 24 2017, @01:44PM
from the if-they-have-physical-access,-they-have-everything dept.

Apparently anything on a PC that makes noise or light is fair game for exploitation to breach air-gapped PCs.

Researchers at Ben-Gurion University of the Negev in Israel have disclosed yet another method that can be used to exfiltrate data from air-gapped computers, and this time it involves the activity LED of hard disk drives (HDDs).

Many desktop and laptop computers have an HDD activity indicator, which blinks when data is being read from or written to the disk. The blinking frequency and duration depend on the type and intensity of the operation being performed.

According to researchers, a piece of malware can indirectly control the LED using specific read/write operations. More precisely, the size of the buffer being written or read is proportional to the amount of time the LED stays on, while sleeping causes the LED to be turned off. Experts have determined that these LEDs can blink up to 6,000 times per second, which allows for high data transmission rates.

The state of the LED can be translated into "0" or "1" bits. The data can be encoded using several methods: LED on is "1" and LED off is "0" (OOK encoding), off and on is "0" and on and off is "1" (Manchester encoding, which is slower but more reliable), or on for a certain duration is "1" and on for a different duration is "0" (Binary Frequency Shift Keying).

A piece of malware that is installed on the targeted air-gapped device can harvest data and exfiltrate it using one of these encoding systems. As for reception and decoding, the attacker must find a way to observe the targeted device's activity LED, either using a local hidden camera, a high-resolution camera that can capture images from outside the building, a camera mounted on a drone, a compromised security camera, a camera carried by a malicious insider, or optical sensors.


Original Submission
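
The OOK and Manchester mappings described in the story, worked through on abstract LED time slots. This is an added example, not code from the article or from the researchers; the function names and the sample bits are this example's own, and BFSK is left out. It shows what "slower but more reliable" means: Manchester spends two slots per bit, but the LED never holds one state for more than two slots, and an on-on or off-off pair is not a valid symbol, so a corrupted slot is visible to the decoder.

```python
# Added illustration: line codes on abstract LED slots (1 = on, 0 = off).
# No disk or camera I/O is involved, only the symbol mapping from the story.

def ook_encode(bits):
    # OOK: one slot per bit, LED on is "1", LED off is "0".
    return list(bits)

def manchester_encode(bits):
    # Story's convention: off-then-on is "0", on-then-off is "1".
    out = []
    for b in bits:
        out.extend((1, 0) if b else (0, 1))
    return out

def manchester_decode(slots):
    # Returns (bits, bad_pairs). A pair with two equal slots is not a valid
    # symbol; it decodes to None and its bit index is reported in bad_pairs.
    if len(slots) % 2:
        raise ValueError("Manchester needs an even number of slots")
    bits, bad = [], []
    for i in range(0, len(slots), 2):
        first, second = slots[i], slots[i + 1]
        if first != second:
            bits.append(first)      # (1,0) -> 1, (0,1) -> 0
        else:
            bits.append(None)
            bad.append(i // 2)
    return bits, bad

def longest_run(slots):
    # Longest stretch with the LED in one state: long runs give a receiver
    # no edges to recover the slot clock from.
    best = run = 0
    prev = None
    for s in slots:
        run = run + 1 if s == prev else 1
        prev = s
        best = max(best, run)
    return best

def compare(bits):
    ook, man = ook_encode(bits), manchester_encode(bits)
    return {"ook_slots": len(ook), "manchester_slots": len(man),
            "ook_longest_run": longest_run(ook),
            "manchester_longest_run": longest_run(man)}

# Constructed sample: the bytes 0x00, 0xFF and 0x41, most significant bit first.
SAMPLE = [0] * 8 + [1] * 8 + [0, 1, 0, 0, 0, 0, 0, 1]

if __name__ == "__main__":
    print(compare(SAMPLE))
```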

 
  • (Score: 4, Interesting) by VLM on Friday February 24 2017, @03:14PM

    by VLM (445) on Friday February 24 2017, @03:14PM (#471128)

    how fast CAN you modulate an led? hint, a bit above audio range but NOT even close into entry-level RF range.

    Depends how you define entry-level RF. You might be surprised. Obviously this is for non-phosphor LEDs, like plain red. Long duration phosphors would seem to limit some older tech white LEDs to like "Hz" level modulation. Probably.

    Just a simple transistor will get you up to "MHz" but eventually the capacitance across the LED will be an issue. Or it was in the old days. How do you shut something off when it's got a built-in source of current longer than your off periods? Well, there are ways...

    With a single transistor you can play the usual analog games old as dirt in every application where the DC bias of the emitter is set by a resistor but the AC performance is set by a cap and resistor so you set the DC bias with the emitter resistor to something sane for that LED in its midpoint, like hundreds of ohms, then essentially overmodulate the hell out of it using a cap that's practically zero AC impedance at freq with a fairly low AC emitter resistor like tens of ohms. This takes you thru the HF band roughly.

    You can go into VHF or maybe VERY low UHF range if you get a very expensive high freq opamp with decent current and slew specs and just do the textbook dumb "voltage to current converter" and it'll work plus or minus the usual "I done made me an oscillator without even trying" stuff. The kind of thing that can drive a video or baseband signal down a 1000 feet of coax will laugh at a mere LED.

    As a hint to the people who think FET H-bridges are the thing, high power H-bridges that can laugh at the impedance of an LED are slow, and fast ones turn it from a "how do I drive a LED really fast" to a "how do I drive a FET really fast" which admittedly is a lot easier but it's not like a complete get out of jail free card.

    Two side issues to keep in mind... driving a LED 100% modulation is tough, really tough, but like 80% modulation is way easier. From memory driving a LED from like 10% to 90% brightness is "easy" but driving in the 0 to 10% range is hard and avoiding the 90-100 range gives you headroom. If 50 mA will blow a junction at DC, it's not like 55 mA at 150 MHz is somehow more survivable.

    Another issue is it's like going back to the 60s surplus textbooks I had as a kid and anyone younger than I donno 50 is probably surprised "a diode" can have a PIV rating lower than like 500 or 1000 volts (other than zeners duh) but some LEDs are ridiculously low and I seem to remember in the bad old days of the earliest blues like a quarter century ago that some had LOWER PIV ratings than forward biased Vf... crazy. So yeah you think hooking up a LED to a 48 volt H-bridge is one admittedly violent way to deal with shoving enough peak current thru for a very short pulse, but the PIV of a LED is probably too low to survive the very first negative going cycle no matter how well the positive going cycle should have looked (unless times have recently changed).

    Think like, emitter followers or avalanche mode switching and shunts in general, not so much class C bipolar amps and series in general.

    Oh what else is fun... forget linear operation, LEDs are just linear enough to look not so ugly on the graph but not clean enough for like multi-octave hifi analog broadband that's why nobody uses them for (admittedly obscure) short range analog laser fiber optics.

    One of the first insights you'll run into is when shunt drivers give "better" performance than series driving because transistors can "suck the current out" in shunt mode really well. Obviously when talking shunt drivers your figure of merit is like high frequency modulation of high brightness light, not "normal" LED driver figures of merit like low leakage current when off or high efficiency at turning DC into zero modulation light. So a good high freq drive circuit won't look much like a circuit for "I'm making a microcontroller LED blinkie"

    Obviously if by "entry level RF range" you're one of those guys who sees anyone operating below SMA connector resonance or doesn't own a wire bonding machine for bare dies as a hopeless degenerate prole, well, whatever, but yeah LEDs with some care in the driver circuit design are good to like "GHz" range. Lasers of course go much faster for a given complexity of driver ckt, but they cost too much and life is too short and they get too hot blah whatever.

    Googling around this seems to be an occasionally discussed scenario. A couple decades ago IrDA was a thing so you still see old timer discussion about running IR LEDs at 64 MHz or whatever hi speed mode was for IrDA. IrDA never worked in the field because of driver level issues not LED modulation issues.

    Reviving something like a 2020 IrDA with better code that actually works might be interesting for the Arduino generation. Simpler than QR codes, simpler and cheaper than RF, at tabletop scale not a bad idea at all for modest data rates (like under 100 MB/s).

    I seem to recall near the death of FDDI there were some LED transmitters for FDDI that met spec, although I don't remember if that was shipping or vaporware trolling from marketing. FDDI for the Arduino generation would be an interesting concept too.

  • (Score: 2, Funny) by Scruffy Beard 2 on Friday February 24 2017, @04:13PM

    by Scruffy Beard 2 (6030) on Friday February 24 2017, @04:13PM (#471145)

    I was assuming TFA was talking about unmodified PC hardware.

    But I suppose if you have access to install a high-speed camera, you may have access to install custom LED circuitry as well.