4/30/2023 0 Comments Hard disk led![]() ![]() The encoding scheme they used to transfer data from the HDD LEDs is called on-off keying, which is just one method of visible light communication. Guri's other malware-based attacks on air-gapped computers has shown that data can be leaked from a computer's speakers and fans, FM waves, and heat. "The hard-drive LED flickers frequently, and therefore the user won't be suspicious about changes in its activity." "Our method compared with other LED exfiltration is unique, because it is also covert," Guri said. The beauty of the attack is that HDD LED lights blink anyway, making it easy to conceal that the infected machine is actually transmitting data. We can transmit data in a very fast way at a very long distance," Ben-Gurion researcher Mordechai Guri told Wired. "We found that the small hard-drive indicator LED can be controlled at up to 6,000 blinks per second. According to the researchers, it's an impressive 10 times faster than previous optical covert channels for leaking data from air-gapped computers. That speed is incredibly slow by today's USB standards, but it's more than enough to steal encryption keys or text and binary files. The researchers explain in a new paper that data can be leaked from HDD LEDs at a rate of 4kbps. If those lights are visible from a window, a camera-equipped drone or telescopic lens can capture the signals at a distance. The LEDs flicker when the drive is undergoing read and write operations, but can be made to transmit data visually.Īs Wired reports, the malware that the researchers devised can force an HDD LED to blink 6,000 times per second. Security researchers from Israel's Ben Gurion University have just demonstrated that if an attacker did manage to infect an air-gapped computer, they could steal data semi-remotely at their leisure by using a camera to capture signals from the LED lights of its hard-disk drive (HDD). Besides that, an insider could always insert a USB drive into an air-gapped computer. However, Stuxnet showed air-gaps can be breached. With the AIC backplanes (blue activity, red fail LED) I never liked the blue activity LED's anyways, since the drive power LED's were *also* blue, and the 3Ware 9550's didn't offer a fail out, so I usually set up the fail LED as an activity LED so I get nice visible red activity lights.Air-gapped computers aren't physically connected to any network and so should be protected from remote hackers. If you don't hook up a cable from the controller to the backplane, probably no activity LED's.ĭrive failure lights may also require a separate set of signals, and many boards and backplanes may not support it unless they were designed as a set. JP26 and JP47 provide activity LED signaling from the controller. ![]() Especially where you have a manufacturer's backplane, if you are not using their controllers and their cabling, it may well be your responsibility to work out the wiring and electronics necessary for the activity LED's.įor example, if you look at this Supermicro backplane: Point is, this isn't necessarily a software thing at all. Don't remember what the problem was there, but I remember hating that my Nexenta test box had no activity lights because it was not trivial to hook up the lights. I then ran into it again when I tried taking one of those backplanes and using them with a Supermicro SAT2-MV8 controller. A later rev of the backplane "fixed" that and AIC even started providing 3Ware-compatible cabling eventually. The 3Ware controller, IIRC, presented headers with the drive activity status which then had to be wired to the AIC SATA backplane, but the signal levels were wrong, so we had to have little PCB's designed to piggyback on the AIC backplanes that had (IIRC) TTL inverters on them. Drive LED's are generally a function of your controller, backplane, and drive choices.īack in the mid-2000's, we were selling the AIC 24-drive chassis with some 3Ware 95xx controllers in them. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |