Hi Guys,

Here is another one straight out of a James Bond movie.

Israeli researcher Mordechai Guri has discovered a new method to steal data from a network using the LED indicators on network cards. He calls the technique ‘ETHERLED,’ and it turns the blinking lights on a network card into Morse code signals that an attacker can decode to read the data coming in and out of a target device. You can read the full research document HERE, but in a nutshell:

What is a network card?
Most private users will not have network cards on their latest laptops as we mainly deal in Wifi (Internet with no cables), but network cards are used in big companies to connect all of their devices.

  • If you are in an office, look at the computer under your desk and look for a network cable running into the back of it. Here you will see the network card, and you will see it flashing lights on and off. These flashing lights represent the data passing through your computer.
  • Or, if you have ever been into the server room of a big company, you will see millions of flashing lights on the routers and switches representing the data flying all around the company.
  • You can also look on the back of your home router, and if there is a network cable attached, you will see lights flashing on and off as your latest Netflix TV show is being streamed to your computer or TV.

How does the hack work?

  • First, the attacker will need to get malware onto your device. This malware is a modified version of the firmware used to control the network card. Without firmware, the network card will not know what to do.
  • Now that they are in control of the network card, they can take control of the LED blinking frequency, duration, and color.
  • The attacker now adds Morse code dots and dashes to the LED lights, and they can also slow the frequency right down, allowing them to read the data as it passes through the network card.
  • The attacker now needs to be able to see the network card so that they can decipher the morse code. To do this, they can use smartphone cameras, drones, hacked webcams, surveillance cameras, or telescopes. (I did say this was out of a James bond film!)

What can be stolen using this method?

  • Anything can be stolen if it passes through the device’s network card.
  • Passwords can be stolen in less than 5 seconds
  • Bitcoin private keys in less than 5 minutes
  • Keylogging at a rate of 2 seconds per key.
  • Basically, everything.

How do you defend yourself from this type of attack?

Most people do not need to be concerned about this attack, but if you are worried, ensure no cameras are pointing at your network card. You can even put a piece of tape over the flashing lights, so they are not visible to anyone.

How does the NSA defend against this type of threat? As per the research document, the NSA’s defense is to ban cameras from their facilities:

TEMPEST attack, taken from the National Security Agency (NSA) jargon, loosely refers to the threat of data leakage from systems and devices through leaked emanations, including electromagnetic, acoustic, and optical. The defensive countermeasures for optical TEMPEST include the restriction of cameras and video recorders in areas with line-of-sight with the sensitive devices. However, many types of equipment, such as surveillance cameras, may be installed to monitor the sensitive areas, so they can not be banned entirely.

Back to Morse code.. deciphering smoke signals are next!! 🙂

All the best,

Max Roberts,
Incognito Privacy Care