Malware can appear in many forms and use various techniques, but the xLED malware is very unusual and novel. This malware has the capability to infect a router or a switch in order to steal information by flashing LEDs.
According to the researchers at Bleeping Computer, xLED was developed and engineered by an Israel-based team at the Cyber Security Research Center at Ben-Gurion University. The team has prior experience using an LED on a drive and a drone to record the information. However, routers and switches enable attackers to capture a larger volume of data because they have more LEDs.
This video illustrates the xLED working principle for covert data exfiltration using router LEDs: https://www.youtube.com/watch?v=mSNt4h7EDKo
Once the target router or switch is infected with the malware, the data theft proceeds by converting information into patterns of ones and zeros. Every single LED on the device then represents a binary digit. If the LED is on, it stands for a one, and when it is off, it marks a zero.
A camera is also required to monitor the information. In this case, an attacker could use a drone to look through a window, corrupt a security guard to set up a camera, or hack a security camera. The monitoring technique depends on the situation.
In addition, optical sensors provide the best recording results, because they are able to record the LED flashes at a higher sampling rate. The combination of optical sensors, which monitor an individual router or switch, and multiple LEDs helped researchers reach a data-stealing rate of 1,000 bits per second per LED.
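The following simulation is an added example, not code from the researchers or from the original article. It models the on/off encoding and the sampling-rate point above, to show why a slow camera cannot recover a channel that an optical sensor can. The LED count, the 30 fps camera and the 4,000 Hz sensor rate are assumptions; only the 1,000 bits per second per LED figure comes from the article.

```python
# Constructed simulation of the LED channel described above; no hardware is touched.
# N_LEDS, CAMERA_FPS and SENSOR_HZ are assumptions; PER_LED_BPS is the article's figure.
N_LEDS = 8
PER_LED_BPS = 1000
CAMERA_FPS = 30
SENSOR_HZ = 4000

def to_frames(data, n_leds=N_LEDS):
    """Split data into LED frames: one bit per LED, on = 1, off = 0."""
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    bits += [0] * (-len(bits) % n_leds)          # pad the last frame with "off"
    return [tuple(bits[i:i + n_leds]) for i in range(0, len(bits), n_leds)]

def sample(frames, symbol_rate, sample_rate):
    """LED states seen by an observer that samples at sample_rate Hz."""
    n = len(frames) * sample_rate // symbol_rate
    return [frames[k * symbol_rate // sample_rate] for k in range(n)]

def recover(samples, n_frames, n_bytes, n_leds, symbol_rate, sample_rate):
    """Rebuild bytes by reading the sample nearest the middle of each frame."""
    bits = []
    for i in range(n_frames):
        k = (2 * i + 1) * sample_rate // (2 * symbol_rate)
        # A frame with no sample of its own is lost; it is filled with zeros.
        bits.extend(samples[k] if k < len(samples) else (0,) * n_leds)
    bits = bits[:n_bytes * 8]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def received(data, sample_rate, n_leds=N_LEDS, symbol_rate=PER_LED_BPS):
    """What an observer with the given sampling rate reconstructs from data."""
    frames = to_frames(data, n_leds)
    seen = sample(frames, symbol_rate, sample_rate)
    return recover(seen, len(frames), len(data), n_leds, symbol_rate, sample_rate)

def channel_bps(n_leds=N_LEDS, per_led_bps=PER_LED_BPS):
    """Aggregate rate when every LED carries its own bit stream."""
    return n_leds * per_led_bps

if __name__ == "__main__":
    secret = b"constructed sample secret" * 4    # constructed test data
    print("aggregate rate:", channel_bps(), "bit/s")
    for name, hz in (("camera", CAMERA_FPS), ("optical sensor", SENSOR_HZ)):
        print(f"{name} at {hz} Hz recovers data intact:", received(secret, hz) == secret)
```

For defenders, the takeaway is that limiting line of sight to status LEDs matters most against high-rate sensors, and that an ordinary camera only keeps up if the LEDs blink far more slowly.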
However, there are some difficulties with this malware procedure, including installing it and infecting the router or switch. In addition, xLED is only a subject of research and not an actual attack vector, but manufacturers should keep it in mind as a potential weakness in the network.