* via http://theMezz.com/lists

* subscribe at http://techPolice.com

Researchers: Blinking LEDs leak info
By Robert Lemos
Staff Writer, CNET News.com
March 7, 2002, 3:50 PM PT

The eyes may be the window to the soul, but the blinking LED lights on a modem are 
more forthcoming, two researchers revealed this week in a proposed submission to a 
security journal.
Joe Loughry, an engineer at Lockheed Martin Space Systems and David Umphress, an 
associate professor at Auburn University in Alabama, found that the light-emitting 
diodes on some communications equipment apparently broadcast the data being sent by 
the devices.

Nearly a third of the devices the duo tested leaked information through the 
light-emitting diodes used to show status. The stream of ones and zeros sent by the 
device appear as increases and decreases, respectively, in the intensity of the 
diode--creating a kind of Morse code. While extremely fast, and thus usually 
undetectable to the naked eye, the fluctuations could be easily read using common 
electronics equipment.

Such spying "requires little apparatus, can be done at a considerable distance, and is 
completely undetectable," said the two researchers in a journal article posted on 
Loughry's Web site.

This kind of surveillance would exploit an area of information security known as 
"compromising emissions."

In the past, a great deal of research has focused on the radio-frequency emissions 
from computer monitors as a means to intercept the data being displayed. Known as 
Tempest, that technique isn't very reliable, the two researchers stated in the paper.

In this case, however, an eavesdropper with a direct line of sight to the LED can 
gather up the data being sent.

Loughry had the idea when, walking along Seattle's streets more than six years ago, he 
looked up at the office buildings and saw large racks of equipment with blinking LEDs 
pushed up against the windows.

While the paper will be interesting to many security researchers, the technique poses 
little danger, said one counterintelligence expert. According to James Atkinson, 
president of counterintelligence company Granite Island Group, most modern 
communications equipment sends data far too quickly for an LED to keep up--hence there 
are no noticeable fluctuations in the light's intensity, even when using specialized 

"With the speeds we are operating at, it's virtually impossible to pull the data off 
the device," said Atkinson. "It may have been an issue on slow 300-baud and 1,200-baud 
modems, but it's not a real problem with today's equipment."

Umphress acknowledged that most of the equipment the researchers tested had a 
relatively low bandwidth, topping out at 56kbps modems. Moreover, the most vulnerable 
devices seemed to be modems, not high-speed switches and routers. In fact, not a 
single Ethernet card seemed susceptible to the attack.

The research was only about proving that the threat existed, not about proving the 
security problem was serious, Umphress said. "We proved that you could read the data," 
he said.

While Umphress held out the possibility that high-quality LEDs might make it into 
devices, thus making them susceptible, he admitted that was only speculation. "We 
never tested it in real-life conditions. We tested it in a laboratory setting under 
conditions that we tried to make as realistic as possible."

Apparently the National Security Agency, the federal agency responsible for military 
intelligence and the security of the U.S. government's communications, believes the 
threat to be low-risk. The two researchers gave the paper to the agency nine months 
ago, said Umphress, in case the NSA wanted to classify the work.

Recently, the agency returned with permission to publish, Umpress said. The NSA could 
not immediately comment on the paper.

In any case, LED eavesdropping can be easily avoided, the two researchers said in 
their paper. Moving critical equipment away from windows and into an enclosed space 
should do the trick. Failing that, the aesthetically minded researchers said, "Black 
tape over the LEDs is effective, but inelegant."

DayTips.com - Sign Up Today and Receive FREE GIFTS
 SIGN UP TODAY --->> http://www.daytips.com
<a href="http://www.daytips.com";>AOL USERS</a>

--via http://techPolice.com
archive: http://theMezz.com/cybercrime/archive
subscribe: [EMAIL PROTECTED]
--via http://theMezz.com

This email was sent to: archive@jab.org

EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2EDp2
Or send an email to: [EMAIL PROTECTED]

T O P I C A -- Register now to manage your mail!

Reply via email to