New CTRL-ALT-LED technique can allow threat actors to exfiltrate data from secure air-gapped systems
- The newly discovered CTRL-ALT-LED is only an exfiltration method.
- To carry out the attack, the attackers must first find a way to infect an air-gapped system with malware.
Academics have come up with a new technique named CTRL-ALT-LED that can allow threat actors to pilfer sensitive data from a secure air-gapped system. The technique leverages the Caps Lock, Num Lock, and Scroll Lock LEDs on a keyboard.
How does it work?
According to the research team (Mordechai Guri, Boris Zadov, Dima Bykhovsky, and Yuval Elovici), CTRL-ALT-LED is only an exfiltration method.
To carry out the attack, the attackers must first find a way to infect an air-gapped system with malware. Once that prerequisite is met, the malware running on the system can make the LEDs of a USB-connected keyboard blink at rapid speed.
A nearby attacker can record these light flickers and decode the transmitted data.
The experiment was performed using various optical devices such as smartphone cameras, a smartwatch’s camera, a security camera, extreme sports cameras, and even high-grade optical/light sensors.
The research team from Ben-Gurion University in Israel said that, during the experiments, the data rate varied depending on the camera’s sensitivity and its distance from the keyboard.
While sensitive light sensors allowed data transfer at speeds of up to 3000 bit/sec, the rate dropped to 120 bit/sec when the optical device was a normal smartphone camera. The bit error rates in recovering the stolen data varied between 3% and 8%.
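From the defender's side, the rapid blinking described above is itself a signal: lock-key LEDs changing state far faster than a person presses keys. The following Python is an added example, not code from the researchers or the article; the event format, the one-second window and the threshold of 10 toggles are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the article): a person toggles a lock key a few
# times per second at most, while a signalling channel needs many transitions.
WINDOW_S = 1.0
MAX_TOGGLES = 10


def find_rapid_toggling(events, window_s=WINDOW_S, max_toggles=MAX_TOGGLES):
    """Return {led: (first_alert_time, peak_toggles)} for every LED whose state
    changed more than max_toggles times within any window_s span.

    events: (timestamp_seconds, led_name, state) tuples sorted by time, with
    state 0 (off) or 1 (on). Repeated samples of one state are not toggles.
    """
    last_state = {}
    recent = defaultdict(deque)  # led -> timestamps of recent transitions
    alerts = {}
    for ts, led, state in events:
        prev = last_state.get(led)
        last_state[led] = state
        if prev is None or prev == state:
            continue  # first sample for this LED, or no change
        window = recent[led]
        window.append(ts)
        while window and ts - window[0] > window_s:
            window.popleft()  # drop transitions older than the window
        if len(window) > max_toggles:
            first, peak = alerts.get(led, (ts, 0))
            alerts[led] = (first, max(peak, len(window)))
    return alerts


def constructed_events():
    """Constructed sample: Caps Lock used by hand, Num Lock flipping every 5 ms."""
    events = [(0.0, "capslock", 0), (0.0, "numlock", 0)]
    for i, t in enumerate((1.0, 3.0, 5.5, 8.0)):  # four manual toggles
        events.append((t, "capslock", (i + 1) % 2))
    for i in range(200):  # 200 transitions within one second
        events.append((10.0 + i * 0.005, "numlock", (i + 1) % 2))
    return sorted(events)


if __name__ == "__main__":
    print(find_rapid_toggling(constructed_events()))
```

Only the machine-driven Num Lock stream is flagged; the hand-operated Caps Lock key stays below the threshold.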