While LEDs are designed to emit light and can thus
unnoticeably encode information through high-frequency flickering,
their ability to also perceive light is largely unknown in the
security community. In particular, by directing a laser on the LEDs
of office devices, we induce a measurable current in the hardware that can be picked up by its firmware and used to receive incoming
data.
They are firing a laser at an LED under the following assumptions.
1. They already have arbitrary code execution on the device but want to open a bidirectional communication channel. 2. It is possible to reprogram the GPIO port to function as an input (not always possible, since ports may be output only). 3. They can induce a large enough current through firing a laser at the LED to exceed the GPIO threshold voltage for said port. 4. They have a suitable line of sight to the LED, ie. it is both facing them and not recessed, and there is no oblique or low-opacity window between them and the air-gapped asset. 5. They can get close enough to launch the attack.
They are firing a laser at an LED under the following assumptions.
1. They already have arbitrary code execution on the device but want to open a bidirectional communication channel. 2. It is possible to reprogram the GPIO port to function as an input (not always possible, since ports may be output only). 3. They can induce a large enough current through firing a laser at the LED to exceed the GPIO threshold voltage for said port. 4. They have a suitable line of sight to the LED, ie. it is both facing them and not recessed, and there is no oblique or low-opacity window between them and the air-gapped asset. 5. They can get close enough to launch the attack.