Grand Idea Studio

Optical Covert Channels


Data exfiltration from a compromised device is usually achieved over the network, via hardware implant, or by manipulating the characteristics of an internal electronic component. Optical covert channels transmit data by modulating visible light in a way that is undetectable to the human eye.

The OpticSpy modules provide a low-cost way to explore, evaluate, and experiment with optical covert channels. One is based on an easy-to-build digital receiver, while the other is an analog design that allows fine-tuning for a particular target signal.

These designs are distributed under a Creative Commons Attribution-3.0 United States license.


OpticSpy (Digital):

OpticSpy (Analog):

TP-Link TL-WR841N:

    Demonstration using the router’s WAN LED as an optical covert channel. As a proof-of-concept, the payload is loaded onto the device with known administrator credentials.

  • Source Code (Cross compiled with dd-wrt’s toolchain-mips_24kc_gcc-7.2.0_musl)
  • Video: Preliminary testing (YouTube)
  • Video: Exfiltrating /etc/passwd (YouTube)


Pentester Academy TV

Hardware Security Training


Joe 'Kingpin' Grand on Hacker ...

Uses This

Joe Grand