("Oops! Had the silly thing in reverse")---Optical injection attacks in through LED status indicators

Abstract

It is possible to attack a computer remotely through the front panel LEDs. Following on previous results that showed information leakage at optical wavelengths, now it seems practicable to inject information into a system as well. It is shown to be definitely feasible under realistic conditions (by infosec standards) of target system compromise; experimental results suggest it further may be possible, through a slightly different mechanism, even under high security conditions that put extremely difficult constraints on the attacker. The problem is of recent origin; it could not have occurred before a confluence of unrelated technological developments made it possible. Arduino-type microcontrollers are involved; this is an Internet of Things (IoT) vulnerability. Unlike some previous findings, the vulnerability here is moderate---at present---because it takes the infosec form of a classical covert channel. However, the architecture of several popular families of microcontrollers suggests that a Rowhammer-like directed energy optical attack that requires no malware might be possible. Phase I experiments yielded surprising and encouraging results; a covert channel is definitely practicable without exotic hardware, bandwidth approaching a Mbit/s, and the majority of discrete LEDs tested were found to be reversible on GPIO pins. Phase II experiments, not yet funded, will try to open the door remotely.