# ("Oops! Had the silly thing in reverse")---Optical injection attacks in   through LED status indicators

**Authors:** Joe Loughry

arXiv: 1907.00479 · 2019-07-02

## TL;DR

This paper demonstrates that LED status indicators on IoT devices can be exploited as a covert optical channel to inject information, revealing a new security vulnerability with practical attack feasibility.

## Contribution

It introduces a novel optical injection attack method via LED indicators on microcontrollers, expanding understanding of IoT security risks and potential covert channels.

## Key findings

- Feasibility of optical covert channel demonstrated
- Bandwidth approaching 1 Mbit/s achievable
- Reversible LEDs on GPIO pins identified

## Abstract

It is possible to attack a computer remotely through the front panel LEDs. Following on previous results that showed information leakage at optical wavelengths, now it seems practicable to inject information into a system as well. It is shown to be definitely feasible under realistic conditions (by infosec standards) of target system compromise; experimental results suggest it further may be possible, through a slightly different mechanism, even under high security conditions that put extremely difficult constraints on the attacker. The problem is of recent origin; it could not have occurred before a confluence of unrelated technological developments made it possible. Arduino-type microcontrollers are involved; this is an Internet of Things (IoT) vulnerability. Unlike some previous findings, the vulnerability here is moderate---at present---because it takes the infosec form of a classical covert channel. However, the architecture of several popular families of microcontrollers suggests that a Rowhammer-like directed energy optical attack that requires no malware might be possible. Phase I experiments yielded surprising and encouraging results; a covert channel is definitely practicable without exotic hardware, bandwidth approaching a Mbit/s, and the majority of discrete LEDs tested were found to be reversible on GPIO pins. Phase II experiments, not yet funded, will try to open the door remotely.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1907.00479/full.md

## Figures

14 figures with captions in the complete paper: https://tomesphere.com/paper/1907.00479/full.md

## References

69 references — full list in the complete paper: https://tomesphere.com/paper/1907.00479/full.md

---
Source: https://tomesphere.com/paper/1907.00479