Cyber Eye: Does your modem have loose lips?
As if the government didn't already have enough security worries, researchers have discovered that the light-emitting diodes that show computer operations status are leaking data.
'The idea of an LED is to give status,' said David Umphress, software engineering professor at Auburn University in Alabama. 'But in fact what it is doing in many cases is responding to information. It can flash at such a rate that it telegraphs what is being transmitted.'
Umphress and a former student, Joe Loughry, a programmer at Lockheed Martin Space Systems in Denver, turned sensitive detectors on 39 computers with LED status lights. They saw more than meets the eye.
'We found a very close correlation' between the LED flashes and the data streams passing through the computers, he said.
The highest correlation was for modems, but two network routers' LEDs also flashed in time with the bits they were transmitting. Results were readable with a telescope 22 feet away from the LEDs.
The work will be published in August in 'Transactions on Information and Systems Security,' a journal of the Association for Computing Machinery.
Umphress said a literature search turned up no other work on the subject. Some experts are not surprised, however.
'It's possible,' said Fred Pilon, spokesman for optical equipment manufacturer StockerYale Inc. of Salem, N.H. After all, LEDs are used to light up fiber-optic telecommunications cabling, he said.
LEDs in fact are semiconductors that produce photons (light) when electrons move across a circuit junction. They use little power, generate little heat and can be very sensitive.
The National Security Agency apparently is taking the research seriously. 'They sequestered it and held it for about six months' before releasing the article for publication, Umphress said.
Loughry said, 'I suspect they've known about this for 20 years.'
Before you get too worried, however, there is no indication that anyone has thought of a way to exploit this discovery. LEDs apparently do not present a big security exposure.
'It seems to be more of a curiosity at this stage,' Umphress said.
An eavesdropper would need a clear line of sight to a vulnerable LED, and any encrypted data would remain encrypted. Eavesdropping would be most effective on low-speed, single-user devices such as modems. Faster devices would be harder to read, and with multiuser devices such as routers, an eavesdropper would have to pick out each sender's packets and reassemble them to learn anything.
'It becomes more difficult to pull out the data' blinked by complex devices, Umphress said.
Believe it or not, there's already a patch for this vulnerability. You can't download it, but you can apply some duct tape. That should stop any LED data leakage, Umphress said.