09/23/2017 / By Frances Bloomfield
A team of Israeli security researchers have demonstrated how hackers could use infrared light (IR) to control the behavior of malware-infected security cameras. Through their proof-of-concept malware — dubbed “aIR-Jumper” — the researchers at Ben-Gurion University of the Negev (BGU) were able to extract and send information to these surveillance devices, the process of which they detailed in their paper.
Led by Dr. Mordechai Guri, the team utilized IR light to achieve optical communication between air-gapped internal networks, or computers that have been isolated and disconnected from the internet. These types of computers are usually considered safe thanks to their detachment, yet Guri and his colleagues found that using malware to manipulate the intensity of IR light can give hackers free reign to access, encode, and transmit sensitive data.
The researchers made two videos to illustrate their point. In the first video, known as the exfiltration scenario, an attacker accessed the security cameras with the help of the aIR-Jumper malware to command IR light illumination. They then used IR signals to transmit sensitive data like passwords, PIN codes, and encryption keys.
In the second video, or the infiltration scenario, an attacker hundreds of yards away sent hidden IR signals to the security camera. Beacon messages and command and control (C&C) could be encoded into these IR signals and then intercepted by the malware hiding in the network to influence the behavior of the security cameras.
Additionally, the researchers noted that the covert channel could send data from a security camera to an attacker at the rate of 20 bits per second; conversely, an attacker could send data to a security camera at around 100 bits per second, though the bit-rate may be boosted by the use of a camera.
What’s more is that, according to the researchers, these scenarios are applicable to any device that can detect IR light. These include professional surveillance cameras, home security cameras, and LED doorbells.
“Security cameras are unique in that they have ‘one leg’ inside the organization, connected to the internal networks for security purposes, and ‘the other leg’ outside the organization, aimed specifically at a nearby public space, providing very convenient optical access from various directions and angles,” said Guri. (Related: Is the whole world watching your private home security camera? 73,000 now online.)
He further added: “Theoretically, you can send an infrared command to tell a high-security system to simply unlock the gate or front door to your house.”
aIR-Jumper has become the latest demonstration of security vulnerability from Guri and his team, according to ArsTechnica.com. Previous efforts include a technique that gives an infected computer’s video card the ability to transmit radio signals to smartphones capable of receiving FM signals, and an air-gap jumper that can relay data through acoustic signals emitted from the hard drive.
What makes aIR-Jumper unique is that those using it don’t need to be directly in the line of sight of the video camera for it to work. As long as the area surrounding the camera is irradiated by IR lights, then an attacker can use aIR-Jumper to hack into the camera. aIR-Jumper has proven to be just as effective against networks protected by firewalls and other security systems as it can easily bypass these measures even without physical access.
However dangerous aIR-Jumper is, it is still possible to render it useless by placing security cameras in zones optically inaccessible to potential attackers.
Go to Surveillance.news to become aware of the other possible security dangers lurking in your home.