xLED malware steals data from router LED bulbs
Malware comes in many different forms these days, but xLED is probably one of the strangest pieces of malware you've ever heard of. It is capable of infecting a router or switch and then stealing data by flashing the device's LEDs.
According to Bleeping Computer, the xLED malware was created by a team at the Cybersecurity Research Center at Ben-Gurion University in Israel. The team has previously managed to obtain information using the LEDs on hard drives and drones. Targeting routers and switches now lets the team obtain the desired data more easily and quickly, because most routers and switches have several LEDs, and the more LEDs there are, the faster the data is transferred.
In this method, the victim's router or switch is first infected with the xLED malware. Once the malware is installed, the data is converted to binary, i.e., a sequence of zeros and ones. Each LED then acts as a transmitter for a single binary digit at a time: it signals a one when it is on and a zero when it is off.
To record the data, a camera must be used. Depending on the situation, this camera could be on a drone, inside a secure area, or perhaps one of the security cameras that has already been hacked.
Reading the data with optical sensors is also possible and would apparently yield the best results, as these sensors can record changes in the LED lights at a higher sampling rate. By combining the xLED malware with optical sensors, data can be obtained from individual LEDs on routers and switches at a rate of 1,000 bits per second per LED. This means that if the victim's router or switch has, for example, four LEDs, the information can be obtained at a total rate of 4,000 bits per second.
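To make the rate figures concrete, here is a hardware-free simulation of the channel that a defender can use to estimate exposure. It is an added example, not code from the researchers or from the original article. The secret, the function names and the 60 samples-per-second camera rate are constructed assumptions; the 1,000 bits per second per LED figure is the one quoted above.

```python
# Added simulation of the LED channel (no hardware access). SECRET and the
# 60 Hz camera rate are constructed assumptions; 1,000 bit/s per LED is the article's figure.
SECRET = b"constructed-sample-key"

def to_frames(data, n_leds):
    """One frame = one bit per LED (1 = on, 0 = off), MSB first, padded with 'off'."""
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    bits += [0] * (-len(bits) % n_leds)
    return [tuple(bits[i:i + n_leds]) for i in range(0, len(bits), n_leds)]

def sample(frames, frame_rate_hz, sample_rate_hz):
    """Receiver view: {frame index: LED states} for frames hit by at least one sample."""
    n_samples = len(frames) * sample_rate_hz // frame_rate_hz
    seen = {}
    for k in range(n_samples):
        j = k * frame_rate_hz // sample_rate_hz  # frame displayed at sample k
        seen.setdefault(j, frames[j])
    return seen

def recover(seen, n_frames, n_bytes):
    """Rebuild the bytes, or return None if any frame fell between two samples."""
    if len(seen) < n_frames:
        return None
    bits = [b for j in range(n_frames) for b in seen[j]]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, n_bytes * 8, 8))

def exposure_seconds(n_bytes, n_leds, bits_per_led_per_s=1000):
    """Time needed to leak n_bytes: aggregate rate = number of LEDs x per-LED rate."""
    return n_bytes * 8 / (n_leds * bits_per_led_per_s)

if __name__ == "__main__":
    frames = to_frames(SECRET, 4)
    for rate in (4000, 1000, 60):  # sensor oversampling, sensor at frame rate, assumed camera
        got = recover(sample(frames, 1000, rate), len(frames), len(SECRET))
        print(f"{rate:>5} samples/s ->", got if got else "frames missed, data not recoverable")
    for leds in (1, 4, 8):
        print(f"{leds} LED(s): 1 MiB leaks in {exposure_seconds(2**20, leds):.0f} s")
```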
The most difficult step in using this malware is actually installing it on the router or switch in question. However, we should not forget that xLED was developed only as part of a research project and was not created to carry out real attacks. Of course, in the future, as weaknesses in networks are identified, we may see malware of this kind used. The existence of such malware should push router and switch manufacturers to make more effort to secure their products and to prevent user data from being stolen by methods similar to the way xLED works.