| ----------------------------------------
CTRL-ALT-LED keyboard LED attack on airgapped systems
July 11th, 2019
----------------------------------------
|
| So I saw an interesting article on zdnet earlier about keyboard LEDs |
| potentially being used to exfiltrate data on extremely high security
air gapped systems (essentially systems have no network access).
|
| Here's a short synopsis of the article |
| > The attack, which they named CTRL-ALT-LED, is nothing that regular
> users should worry about but is a danger for highly secure environments
> such as government networks that store top-secret documents or enter-
> prise networks dedicated to storing non-public proprietary information.
> The attack requires some pre-requisites, such as the malicious actor
> finding a way to infect an air-gapped system with malware beforehand.
> CTRL-ALT-LED is only an exfiltration method. But once these prerequi-
> sites are met, the malware running on a system can make the LEDs of an
> USB-connected keyboard blink at rapid speeds, using a custom transmis-
> sion protocol and modulation scheme to encode the transmitted data. A
> nearby attacker can record these tiny light flickers, which they can
> decode at a later point, using the same modulation scheme used to
> encode it.
|
| Given previous hypotheticals against airgapped systems using hard disk |
| drive LEDs, I think it's entirely reasonable that folks using systems
requiring this much security should make a few changes to prevent
exfiltration of information via LEDs... For starters I would remove the
keyboard LEDs with an X-ACTO knife, it's a realitively simple operation
to do. If users absolutely need a keyboard indication of whether num/
caps/scroll lock is on, a keyboard manufacturer could easily make old-
style keyboards with mechanical latches for those keys (you gently press
your finger on the lock key to see if it's actually locked or not).
Furthermore the HDD LED should be removed for the same reason, and while
we are at it, the power LED should be removed too. Before you say that
I am mad for advocating power LED removal, hear me out; an external power
LED can be made by handy engineers with ease: an induction coil attached
to the incoming mains of the PSU can be wired into an LED (be sure to use
a filtering capacitor) to determine if the system is powered or not.
Don't take a chance on taping off LEDs, tape can fall off, and some users
compulsively pick at things. Ugh.
As for me, I'm taking the easy way out: if the data is so important that
it requires an airgapped system, I'm not going to put it on any of my
computers to begin with. :)
---------------------------------------- |
| Back to phlog index |
| gopher.zcrayfish.soy gopher root |
| This phlog entry has been read 3179 times.
Future direct comment submission has been disabled for this phlog entry.
Comments are still accepted by email, please send to:
zacharygopher@gopher.zcrayfish.soy
Be sure to include the post title in the subject line! Thanks!
Comments have been left on this post:
everyone should have an airgap machine for making key pairs.
Posted Sat Jul 20 02:12:46 UTC 2019 by 104.244.74.97
------------------------------------------------------------------------
I have an airgap machine for making private keys.
Posted Sat Aug 17 01:21:24 UTC 2019 by 178.17.170.135
------------------------------------------------------------------------ |