Israeli researchers presented a new way to steal data from physically isolated systems

Specialists from Ben-Gurion University (Israel) have developed a method to extract data from physically isolated systems using the Caps Lock, Num Lock and Scroll Lock LED indicators on the keyboard.

For a successful attack, an attacker will need to pre-infect an isolated system with malware, in fact, the CTRL-ALT-LED is just a way to extract data.

“Notably, this exfiltration channel is not monitored by existing data leakage prevention (DLP) systems”, — claim Israeli researchers.

According to the researchers, a malicious program using a custom data transfer protocol can make the LED indicators on a USB-connected keyboard blink at a high speed. Nearby intruders can record these flashes and then decrypt the information using the same modulation scheme that was used to encrypt the data.

A team of researchers tested the method on various devices, including smartphones and smartwatch cameras, surveillance cameras, optical sensors and light sensors.

Read also: The US Coast Guard reported on a hacker attack on one of its ships

In some cases, to launch an attack, an attacker will need to be close to the device in order to record flashes using a smartphone or a smart watch, but video surveillance systems that have a keyboard in sight can also be used for this purpose.

During the experiments, scientists were able to extract data at a speed of 3 thousand bits / s using sensitive light sensors and about 120 bits / s in tests using a conventional smartphone camera. The speed varied depending on the sensitivity of the camera and the distance to the keyboard while the keyboard model did not play a huge role.

“The attack doesn’t require any modification of the keyboard at hardware or firmware levels”, — argue researchers.