Israeli researchers presented a new way to steal data from physically isolated systems

Specialists from Ben-Gurion University (Israel) have developed a method to extract data from physically isolated systems using the Caps Lock, Num Lock and Scroll Lock LED indicators on the keyboard.

The new method is called CTRL-ALT-LED.

For a successful attack, an attacker will need to pre-infect an isolated system with malware, in fact, the CTRL-ALT-LED is just a way to extract data.

“Notably, this exfiltration channel is not monitored by existing data leakage prevention (DLP) systems”, — claim Israeli researchers.

According to the researchers, a malicious program using a custom data transfer protocol can make the LED indicators on a USB-connected keyboard blink at a high speed. Nearby intruders can record these flashes and then decrypt the information using the same modulation scheme that was used to encrypt the data.

A team of researchers tested the method on various devices, including smartphones and smartwatch cameras, surveillance cameras, optical sensors and light sensors.

Read also: The US Coast Guard reported on a hacker attack on one of its ships

In some cases, to launch an attack, an attacker will need to be close to the device in order to record flashes using a smartphone or a smart watch, but video surveillance systems that have a keyboard in sight can also be used for this purpose.

During the experiments, scientists were able to extract data at a speed of 3 thousand bits / s using sensitive light sensors and about 120 bits / s in tests using a conventional smartphone camera. The speed varied depending on the sensitivity of the camera and the distance to the keyboard while the keyboard model did not play a huge role.

“The attack doesn’t require any modification of the keyboard at hardware or firmware levels”, — argue researchers.

According to experts, users have no ground for fears, the new method is mainly dangerous for systems with a high level of protection, for example, for government networks that store sensitive information, or corporate networks containing private information about intellectual property.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button