dazd

Everything posted by dazd

  1. Some academic work has already been done on this; I have listed two papers below that discuss this. In the first paper they developed the system via sending data over the LED status messages, and they achieved a maximum achievable throughput of 2.283 bytes/sec. In the paper they describe how their coding scheme works.

     Hardware Trojan Horse Device Based on Unintended USB Channels
     by Clark, J.; Leblanc, S.; Knight, S.; Electr. & Comput. Eng. Dept., R. Mil. Coll. of Canada, Kingston, ON, Canada
     This paper appears in: Network and System Security, 2009. NSS '09. Third International Conference on

     Abstract
     This paper discusses research activities that investigated the risk associated with USB devices. The research focused on identifying, characterizing and modelling unintended USB channels in contemporary computer systems. Such unintended channels can be used by a USB hardware Trojan horse device to create two way communications with a targeted network endpoint, thus violating the integrity and confidentiality of the data residing on the endpoint. The work was validated through the design and implementation of a proof of concept hardware Trojan horse device that uses two such unintended USB channels to successfully interact with a target network endpoint to compromise and exfiltrate data from it.

     The following paper is also interesting, using JitterBugs:

     Keyboards and covert channels
     by Gaurav Shah, Andres Molina & Matt Blaze at the Department of Computer and Information Science, University of Pennsylvania
     Published in USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15, USENIX Association, Berkeley, CA, USA ©2006

     Abstract
     This paper introduces JitterBugs, a class of inline interception mechanisms that covertly transmit data by perturbing the timing of input events likely to affect externally observable network traffic. JitterBugs positioned at input devices deep within the trusted environment (e.g., hidden in cables or connectors) can leak sensitive data without compromising the host or its software. In particular, we show a practical Keyboard JitterBug that solves the data exfiltration problem for keystroke loggers by leaking captured passwords through small variations in the precise times at which keyboard events are delivered to the host. Whenever an interactive communication application (such as SSH, Telnet, instant messaging, etc) is running, a receiver monitoring the host's network traffic can recover the leaked data, even when the session or link is encrypted. Our experiments suggest that simple Keyboard JitterBugs can be a practical technique for capturing and exfiltrating typed secrets under conventional OSes and interactive network applications, even when the receiver is many hops away on the Internet.