Security researchers develop malware to steal data through HDD indicator LED

Posted 22 February 2017 18:05 CEST by Jan Willem Aldershoff

Researchers of the Cyber Security Research Center of the Israeli Ben-Gurion University have developed a new type of malware that can steal data such as passwords and encryption keys through the LED indicator of the hard disk drive at relative high speed.

Where most computers are attacked over the internet, this method also works when the computer is offline. The malware developed by the researchers is able to blink the HDD LED up to 5800 times per second while being invisible to the human eye. Sensitive data can be encoded by the malware and then transferred through another device by blinking the HDD LED. The researchers call their malware LED-it-GO (PDF).

To receive the data encoded by the HDD LED the researchers used a drone but also other devices with a camera can be used, as long as they are in the line of sight of the HDD LED. Through the technology it’s possible to send up to 4000 bits per second. “This is 10 times faster than other air-gap covert channels relying on optical emissions,” according to the researchers referring to other creative methods that have been in the news to steal data such as through the speakers of a PC, the speed of the fan, the emitted heat etc. etc.

To protect computers against the LED-it-GO attack the security researchers advise to forbid the usage of camera’s near computers with sensitive data, or to cover or disable the HDD LED or make sure the computer is not visible from the outside

Posted on: 22 Feb 17 17:43
Now, apart from very resourceful actors in the scene of surveillance and would only be interesting for targeted attacks I guess.
Still, it provides proof of concept as to what is possible and why we should be really cautious about sudden changes on our machine. Today there's even laptops without a HD LED indicator
0 Agree

Reactions closed

Sorry, you can't comment on this item anymore. It's either too old or comments are disabled for this post. settings

Several settings at can be changed, they are stored in cookies, which means they will be reset if you clear cookies


Change the background to a plain color or trianglified image (similar to the default image)

No tracking features

At Myce most social media feature are done server side and impose no privacy risk to the visitor when not used. Several features use Javascript with you can turn off here


Switch to the List layout for an index with chronologycally listed news items or Grid layout for a block based layout. To see the change you need to reload the page