Camera can use infrared rays to unlock a door

Theoretically, an infrared command can be sent to tell a high-security system to simply unlock the gate or front door to your house.

September 24, 2017 16:56
2 minute read.
Security camera

Security camera. (photo credit: INGIMAGE)


Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analysis from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief


Security cameras infected with malicious software can use infrared light to receive covert signals and leak sensitive information from the very surveillance devices that are used to protect facilities, according to a method developed by cyber researchers at Ben-Gurion University of the Negev in Beersheba.

According to the researchers, the method works on professional and home-security cameras. It will even work with doorbells that use LED lights, which can see infrared light invisible to the human eye.

The technique the researchers call “aIR-Jumper” also enables the creation of bidirectional covert optical communication between air-gapped internal networks that are isolated and disconnected from the Internet, without remote access to the organization. The attacker can use this channel to send commands and receive responses.

The cyber team was led by Dr. Mordechai Guri, head of research and development at BGU’s Cyber Security Research Center. The team showed how infrared light can be used to create a covert communication channel between malware installed on an internal computer network and an attacker having a direct line of sight outside, hundreds of meters or even several kilometers away.

Theoretically, an infrared command can be sent to tell a high-security system to simply unlock the gate or front door to your house, Guri said.

To transmit sensitive information, the attacker uses the camera’s infrared LEDs, which are typically used for night vision. The researchers showed how malware can control the intensity of the infrared light to communicate with a remote attacker who can receive signals undetected with a simple camera. The attacker can then record and decode these signals to leak sensitive information.

The researchers shot two videos to highlight their technique.

The first showed an attacker hundreds of meters away sending infrared signals to a camera. The second showed the camera, after it had been infected with malware, respond to covert signals by surreptitiously extracting data, including passwords and an entire copy of The Adventures of Tom Sawyer in just a few seconds.

“Security cameras are unique in that they have ‘one leg’ inside the organization, connected to the internal networks for security purposes and ‘the other leg’ outside the organization, aimed specifically at nearby public space, providing very convenient optical access from various directions and angles,” Guri said.

Attackers could also use this novel covert channel to communicate with malware inside the organization. An attacker can infiltrate data, transmitting hidden signals via the camera’s infrared LEDs. Binary data such as command and control messages can be hidden in the video stream, recorded by the surveillance cameras and intercepted and decoded by the malware residing in the network.

Related Content

June 16, 2019
Is Paleo-diet real? Archeologists scoop up ancient feces to find out


Cookie Settings