Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Infrared Cameras Allow Hackers to Jump Air Gaps

A team of researchers from Israel has developed a piece of malware that demonstrates how hackers can abuse security cameras with infrared (IR) capabilities to send and receive data to and from an air-gapped network.

A team of researchers from Israel has developed a piece of malware that demonstrates how hackers can abuse security cameras with infrared (IR) capabilities to send and receive data to and from an air-gapped network.

The research was conducted by the Ben-Gurion University of Negev and the Shamoon College of Engineering in Israel. Its goal was to show that a piece of malware installed in an air-gapped network can not only exfiltrate sensitive data, such as passwords, PINs and encryption keys, but also receive commands from the outside world via infrared light, which is invisible to the human eye.

Security cameras are typically equipped with IR LEDs that provide night vision capabilities. If an attacker can plant a piece of malware on the network connected to these cameras, the malware can take control of the IR LEDs and use them to transmit bits of data.

The malware described by experts, dubbed “aIR-Jumper,” can encode the stolen data using various methods. For example, if on-off keying (OOK) encoding is used, the absence of an IR signal for a certain duration encodes a zero (“0”) bit, while the presence of a signal for the same duration encodes a one (“1”) bit.

Encoding one character of a password, PIN or encryption key requires 8 bits (1 byte). However, for data transmission purposes, the researchers suggested also adding preamble bits for calibrating certain parameters (e.g. LED location and IR levels) and synchronization with the beginning of the transmission, and some bits for error detection.

Another encoding method suggested by the researchers involves frequency changes. For example, a “1” is encoded if the LED is on for a certain duration at a certain frequency, and a zero is encoded if it’s on at a different frequency. Similarly, intensity level changes, or amplitude shift keying (ASK), can be used.

Data transmission rates depend on the security camera and the camera used to capture the data (e.g. GoPro, smartphone camera). Experiments conducted by the researchers showed that data can be exfiltrated at a rate of 20 bits/sec over a distance of tens of meters, and it can be infiltrated over a distance of hundreds of meters and even kilometers at a rate of 100 bits/sec.

Data transmission rates can be increased significantly if more than one security camera is used by the attacker. Videos have been published to show how the infiltration and exfiltration attacks work:

Advertisement. Scroll to continue reading.

Ben-Gurion researchers have dedicated a lot of their time to finding ways to exfiltrate and infiltrate data on air-gapped networks. Their previous work involved using router LEDsscannersHDD activity LEDs, USB devices, the noise emitted by hard drives and fans, and heat emissions.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...