March 7, 2002 3:50 PM PST
Researchers: Blinking LEDs leak info
Joe Loughry, an engineer at Lockheed Martin Space Systems and David Umphress, an associate professor at Auburn University in Alabama, found that the light-emitting diodes on some communications equipment apparently broadcast the data being sent by the devices.
Nearly a third of the devices the duo tested leaked information through the light-emitting diodes used to show status. The stream of ones and zeros sent by the device appear as increases and decreases, respectively, in the intensity of the diode--creating a kind of Morse code. While extremely fast, and thus usually undetectable to the naked eye, the fluctuations could be easily read using common electronics equipment.
Such spying "requires little apparatus, can be done at a considerable distance, and is completely undetectable," said the two researchers in a journal article posted on Loughry's Web site.
This kind of surveillance would exploit an area of information security known as "compromising emissions."
In the past, a great deal of research has focused on the radio-frequency emissions from computer monitors as a means to intercept the data being displayed. Known as Tempest, that technique isn't very reliable, the two researchers stated in the paper.
In this case, however, an eavesdropper with a direct line of sight to the LED can gather up the data being sent.
Loughry had the idea when, walking along Seattle's streets more than six years ago, he looked up at the office buildings and saw large racks of equipment with blinking LEDs pushed up against the windows.
While the paper will be interesting to many security researchers, the technique poses little danger, said one counterintelligence expert. According to James Atkinson, president of counterintelligence company Granite Island Group, most modern communications equipment sends data far too quickly for an LED to keep up--hence there are no noticeable fluctuations in the light's intensity, even when using specialized equipment.
"With the speeds we are operating at, it's virtually impossible to pull the data off the device," said Atkinson. "It may have been an issue on slow 300-baud and 1,200-baud modems, but it's not a real problem with today's equipment."
Umphress acknowledged that most of the equipment the researchers tested had a relatively low bandwidth, topping out at 56kbps modems. Moreover, the most vulnerable devices seemed to be modems, not high-speed switches and routers. In fact, not a single Ethernet card seemed susceptible to the attack.
The research was only about proving that the threat existed, not about proving the security problem was serious, Umphress said. "We proved that you could read the data," he said.
While Umphress held out the possibility that high-quality LEDs might make it into devices, thus making them susceptible, he admitted that was only speculation. "We never tested it in real-life conditions. We tested it in a laboratory setting under conditions that we tried to make as realistic as possible."
Apparently the National Security Agency, the federal agency responsible for military intelligence and the security of the U.S. government's communications, believes the threat to be low-risk. The two researchers gave the paper to the agency nine months ago, said Umphress, in case the NSA wanted to classify the work.
Recently, the agency returned with permission to publish, Umpress said. The NSA could not immediately comment on the paper.
In any case, LED eavesdropping can be easily avoided, the two researchers said in their paper. Moving critical equipment away from windows and into an enclosed space should do the trick. Failing that, the aesthetically minded researchers said, "Black tape over the LEDs is effective, but inelegant."