Security researchers have created proof-of-concept malware that exploits the tiny, blinking LEDs on your wireless router to secretly leak data to a nearby attacker. A team at Ben-Gurion University's Cybersecurity Research Center (CSRC) demonstrated how these LEDs could be exploited by malware they created called xLED, which is designed to infect a router and gain full control of its LEDs, which usually flash to indicate the device's status.
Status LEDs on common routers display various information about the wireless connection such as mode, speed, status and alerts. In a new research paper titled "xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs"
To carry out the attack, researchers executed the malicious code within a targeted router to gain control of the status LEDs and modify the firmware on the router. Once the firmware is modified, the malware can program the LEDs to flash at fast speeds – over 1,000 flickers per second for each LED – and transmit sensitive data in a binary format to a nearby attacker who can capture it using a remote camera or light sensor.
"Sensitive data can be encoded and sent via the LED light pulses in various ways," Dr. Mordechai Guri, the CSRC's head of research and development who led the study, said in a statement. "An attacker with access to a remote or local camera, or with a light sensor hidden in the room, can record the LED's activity and decode the signals.
"Unlike network traffic that is heavily monitored and controlled by firewalls, this covert channel is currently not monitored. As a result, it enables attackers to leak data while evading firewalls, air-gaps (computers not hooked up to the internet) and other data-leakage prevention methods."
A typical router or network switch usually includes six or more status LEDs, which means the transmission rate can be multiplied, speeding up the rate at which data is transmitted and stolen. If a router has six status LEDs, for example, the transmission rate would rise to 6000 bits per second via the fast, blinking LED signals.
Researchers suggested a few countermeasures, such as placing black tape over the status LEDs to physically block the optical emanation, placing the equipment in classified rooms that can be accessed by authorized staff, shielding devices and cables, or shielding windows with a special window film.
The researchers have previously explored various other hacking techniques and methods of stealing data via vulnerable electronic devices, particularly IoT devices. They have also demonstrated how malware could be used to steal data from computer speakers, headphone jacks, computer fans, hard drives, LED lights on computers, 3D printers and more. They also suggested making sure the firmware on your router is updated to help mitigate any possible cyberattacks.