"Arrr, matey, insecure transaction off the port bow!"
March 7, 2002 7:01 PM

"Arrr, matey, insecure transaction off the port bow!" Data can be stolen as it is transferred by recording and interpreting the flashing of LED lights on your equipment. Theoretically, then, your data isn't safe within viewing distance of a telescope, unless some engineer comes up with an ingenious workaround.
posted by Hildago (20 comments total)
 
I guess my question is, is this as ridiculous as it sounds?
posted by Hildago at 7:06 PM on March 7, 2002


I have a little LED at the front of my PC that flashes when my PC communicates with the network. I cannot fathom how anyone could determine whether I am accessing files off my network or reading MetaFilter!
posted by Zool at 7:13 PM on March 7, 2002


duct tape really can fix everything!
posted by mcsweetie at 7:15 PM on March 7, 2002


Um yeah....... No. I don't know about every device with LEDs, but the LEDs on my computer only signify three things -
  • Power On
  • Stand By
  • Hard Drive Read/Write
How anyone would guess what data is being read or written is beyond me.
posted by SweetJesus at 7:19 PM on March 7, 2002


Note the paragraph that says that this only really applies to low-speed connections, so our PCs are basically safe. But still, ATMs..
posted by Hildago at 7:25 PM on March 7, 2002


Great link. Stupid story.

I can't think of any ATM with its internal computer visible. Can you?
posted by gramcracker at 7:27 PM on March 7, 2002


Here is the actual article.
posted by phatboy at 7:47 PM on March 7, 2002


Is that how the activity light works on a typical network node like a NIC light or the activity light on a router? I doubt it. I think they just blinked depending on how much traffic is going through, not actually showing the ones and zeros like an infrared connection.
posted by skallas at 7:49 PM on March 7, 2002


"EIA/TIA-232-E uses bipolar encoding, with a negative voltage signifying logical “1” and a positive voltage used for logical “0” [Black 1996]. Usually, LEDs are wired to light up for a logical “0” so that they flicker when bits are transmitted, and remain dark when the channel is idle. The fact that the original signal is bipolar is immaterial. As long as the LED is fast enough to faithfully reproduce the timing of bit transitions, the optical output will contain all of the information in the original EIA/TIA-232-E signal."

Wow. The LEDs on 30% of machines actually signal the binary of the code going through. Wow.
posted by Neale at 8:10 PM on March 7, 2002


Interesting. Now that I've glanced at the paper .... first, no LAN cards tested did this, but many of the modems did. He's also looking at some specific instances, e.g. the login procedure would have a known pattern surrounding the username/password, which could be detected, thus allowing a break-in. He's not talking, so much, about reading all the data that goes through, just the data that would compromise security.
posted by dhartung at 8:17 PM on March 7, 2002


It seems that wiring a capacitor to your LED would solve the problem. The LED will still flash, but the delays introduced by charging and discharging would probably make it impossible to decode data.
posted by Eamon at 8:23 PM on March 7, 2002


This only works for devices which have an LED that blinks as it is sending or receiving data (which the author of the report calls a Class III LED). I have a modem that works like that, and you can see the transmit/receive LEDs blinking so quickly they only look half-lit.
In the report phatboy links, the author states that it didn't work on any of the LAN equipment they encountered, since the LEDs are lit longer than necessary to show traffic, since it would blink too quickly to comprehend otherwise. I think the author says that they have "successfully recovered error-free data at speeds up to 56 kb/s," but that LEDs would theoretically be capable of showing data at speeds up to 10Mbits/s.
Sitting here looking at my modem blink away, it really seems amazing that nobody has thought of this before, as this is one of those things that seems extremely obvious once it is pointed out to you: If you have a light that blinks every time a bit is sent, you can record the blinking light and reconstruct the data that was sent. Of course, the author did go through some trouble to accurately record the blinking light at a distance, and at high speeds, but the concept is basically just that.
This was linked to on cryptome a little while ago, along with another semi-related report which I find even more extraordinary - how to read a monitor from the light reflected off a wall.
posted by Nick Tamm at 8:30 PM on March 7, 2002


It seems that wiring a capacitor to your LED would solve the problem.

Can you wire a capacitor to an LED? LEDs are inherently DC-ish, aren't they?
Probably the easiest solution would be to get LEDs with shorter rise times, i.e. crappier ones.
posted by phatboy at 8:33 PM on March 7, 2002


I like your intro, Hildago.
posted by ParisParamus at 8:34 PM on March 7, 2002


Don't forget, phatboy, all circuits are analog. LEDs are still diodes (that happen to be Light Emitting), and a capacitor (or inductor) should still introduce sufficient delay to make individual bits indistinguishable, yet still allow the lamp to "blink" enough to provide visual feedback to the computer user.
posted by Eamon at 11:01 PM on March 7, 2002
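
An added example, not part of the thread or the linked paper: a simulation of the indicator described in the quoted passage (LED lit for logical 0, dark when idle) and of the capacitor mitigation proposed above, modelled as a first-order RC low-pass. The 8N1 framing, the sample rate, the payload and the 20-bit-period time constant are assumptions chosen for illustration.

```python
import math

def led_trace(data, spb):
    """LED drive level per sample for 8N1 serial data; lit (1.0) on logical 0."""
    bits = [1, 1]                                   # idle line: logical 1, LED dark
    for byte in data:
        # start bit, eight data bits LSB first, stop bit
        bits += [0] + [(byte >> k) & 1 for k in range(8)] + [1]
    bits += [1, 1]
    return [1.0 if b == 0 else 0.0 for b in bits for _ in range(spb)]

def rc_filter(trace, spb, tau_bits):
    """First-order low-pass with a time constant of tau_bits bit periods."""
    alpha = 1.0 - math.exp(-1.0 / (tau_bits * spb))
    y, out = 0.0, []
    for x in trace:
        y += alpha * (x - y)
        out.append(y)
    return out

def decode(trace, spb, threshold=0.5):
    """Recover bytes from LED brightness, resynchronising on every start bit."""
    out, i = bytearray(), 0
    while i + 10 * spb <= len(trace):
        if trace[i] < threshold:                    # dark: idle or stop bit
            i += 1
            continue
        # A lit sample is taken as the start-bit edge; the next nine bits
        # (eight data, one stop) are sampled at their centres.
        lit = [trace[i + k * spb + spb // 2] >= threshold for k in range(1, 10)]
        if lit[8]:                                  # stop bit must be dark
            i += 1                                  # framing error: keep scanning
            continue
        out.append(sum((not lit[k]) << k for k in range(8)))
        i += 9 * spb + spb // 2                     # jump into the stop bit, rescan
    return bytes(out)

if __name__ == "__main__":
    SPB = 16                                        # samples per bit (assumed)
    data = b"user=alice"                            # constructed sample payload
    raw = led_trace(data, SPB)
    slow = rc_filter(raw, SPB, tau_bits=20)
    print("direct LED  :", decode(raw, SPB))
    print("RC-filtered :", decode(slow, SPB), "peak %.2f" % max(slow))
```

With the filter in place the LED still brightens while traffic flows, but the per-bit transitions the decoder depends on are smeared across many bit periods.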


how to read a monitor from the light reflected off a wall.
This keeps getting better - look at the pictures in that article! Next thing you know they'll be looking at the reflection in my eyes. Or watch my fingers as I type my password. BTW, I think the capacitor would work, or you could just use small light bulbs instead of LEDs.
posted by thijsk at 2:15 AM on March 8, 2002


Wouldn't timing be a problem? If the LED lit continuously for a long string of 0's, the remote decoder would need to know the exact timing to be able to know how many 1s that represented. Doesn't the timing vary constantly with the connection? (Pardon my ignorance here) Or does that only vary in distinct chunks which could be identified by a remote?
posted by HTuttle at 3:49 AM on March 8, 2002


HTuttle: that's a good point. Unfortunately, you have the same problem whether you're trying to receive data by watching the LED blink or by listening to the other end of the wire. Many serial protocols take measures to prevent a continuous stream of identical bits from ever being sent. Here's a simple description of one such protocol, which encodes eight data bits into ten transmission bits. An LED attached to such a wire would flash no matter what data was being transmitted.

-Mars
posted by Mars Saxman at 8:19 AM on March 8, 2002


I dunno. If I were doing firmware for a NIC, I'd be more likely to write it so that at the start of packet send, toggle the light and at the end of packet send toggle it back and not on bit boundaries. The hardware hack is cute, but it doesn't let you get double duty from the indicator (like real diagnostics instead of idiot lights).
posted by plinth at 11:37 AM on March 8, 2002


Of course, who cares about trying to figure out what the blinkies mean, when you can use a Pringles can to detect wireless networks!
posted by briank at 12:21 PM on March 8, 2002

