Security researchers develop malware to steal data through HDD indicator LED

Researchers at the Cyber Security Research Center of Israel's Ben-Gurion University have developed a new type of malware that can steal data such as passwords and encryption keys through the hard disk drive's LED indicator at relatively high speed.

https://www.youtube.com/watch?v=4vIu8ld68fc

While most computers are attacked over the internet, this method also works when the computer is offline. The malware developed by the researchers can blink the HDD LED up to 5800 times per second, a rate at which the blinking is invisible to the human eye. The malware encodes sensitive data and transmits it to another device by blinking the HDD LED. The researchers call their malware LED-it-GO (PDF).

To receive the data encoded by the HDD LED, the researchers used a drone, but other devices with a camera can also be used, as long as they have a line of sight to the HDD LED. With this technique it’s possible to send up to 4000 bits per second. “This is 10 times faster than other air-gap covert channels relying on optical emissions,” according to the researchers, referring to other creative data-theft methods that have been in the news, such as using a PC's speakers, the speed of the fan, or the emitted heat.

To protect computers against the LED-it-GO attack, the security researchers advise forbidding the use of cameras near computers with sensitive data, covering or disabling the HDD LED, or making sure the computer is not visible from the outside.