(photo credit: INGIMAGE)
Security cameras infected with malicious software can use infrared light to receive covert signals and leak sensitive information from the very surveillance devices that are used to protect facilities, according to a method developed by cyber researchers at Ben-Gurion University of the Negev in Beersheba.
According to the researchers, the method works on professional and home-security cameras. It will even work with doorbells that use LED lights, which can see infrared light invisible to the human eye.
The technique the researchers call “aIR-Jumper” also enables the creation of bidirectional covert optical communication between air-gapped internal networks that are isolated and disconnected from the Internet, without remote access to the organization. The attacker can use this channel to send commands and receive responses.
The cyber team was led by Dr. Mordechai Guri, head of research and development at BGU’s Cyber Security Research Center. The team showed how infrared light can be used to create a covert communication channel between malware installed on an internal computer network and an attacker having a direct line of sight outside, hundreds of meters or even several kilometers away.
Theoretically, an infrared command can be sent to tell a high-security system to simply unlock the gate or front door to your house, Guri said.
To transmit sensitive information, the attacker uses the camera’s infrared LEDs, which are typically used for night vision. The researchers showed how malware can control the intensity of the infrared light to communicate with a remote attacker who can receive signals undetected with a simple camera. The attacker can then record and decode these signals to leak sensitive information.
The researchers shot two videos to highlight their technique.
The first showed an attacker hundreds of meters away sending infrared signals to a camera. The second showed the camera, after it had been infected with malware, respond to covert signals by surreptitiously extracting data, including passwords and an entire copy of The Adventures of Tom Sawyer in just a few seconds.
“Security cameras are unique in that they have ‘one leg’ inside the organization, connected to the internal networks for security purposes and ‘the other leg’ outside the organization, aimed specifically at nearby public space, providing very convenient optical access from various directions and angles,” Guri said.
Attackers could also use this novel covert channel to communicate with malware inside the organization. An attacker can infiltrate data, transmitting hidden signals via the camera’s infrared LEDs. Binary data such as command and control messages can be hidden in the video stream, recorded by the surveillance cameras and intercepted and decoded by the malware residing in the network.