Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Infrared Cameras Allow Hackers to Jump Air Gaps

A team of researchers from Israel has developed a piece of malware that demonstrates how hackers can abuse security cameras with infrared (IR) capabilities to send and receive data to and from an air-gapped network.

A team of researchers from Israel has developed a piece of malware that demonstrates how hackers can abuse security cameras with infrared (IR) capabilities to send and receive data to and from an air-gapped network.

The research was conducted by the Ben-Gurion University of Negev and the Shamoon College of Engineering in Israel. Its goal was to show that a piece of malware installed in an air-gapped network can not only exfiltrate sensitive data, such as passwords, PINs and encryption keys, but also receive commands from the outside world via infrared light, which is invisible to the human eye.

Security cameras are typically equipped with IR LEDs that provide night vision capabilities. If an attacker can plant a piece of malware on the network connected to these cameras, the malware can take control of the IR LEDs and use them to transmit bits of data.

The malware described by experts, dubbed “aIR-Jumper,” can encode the stolen data using various methods. For example, if on-off keying (OOK) encoding is used, the absence of an IR signal for a certain duration encodes a zero (“0”) bit, while the presence of a signal for the same duration encodes a one (“1”) bit.

Encoding one character of a password, PIN or encryption key requires 8 bits (1 byte). However, for data transmission purposes, the researchers suggested also adding preamble bits for calibrating certain parameters (e.g. LED location and IR levels) and synchronization with the beginning of the transmission, and some bits for error detection.

Another encoding method suggested by the researchers involves frequency changes. For example, a “1” is encoded if the LED is on for a certain duration at a certain frequency, and a zero is encoded if it’s on at a different frequency. Similarly, intensity level changes, or amplitude shift keying (ASK), can be used.

Advertisement. Scroll to continue reading.

Data transmission rates depend on the security camera and the camera used to capture the data (e.g. GoPro, smartphone camera). Experiments conducted by the researchers showed that data can be exfiltrated at a rate of 20 bits/sec over a distance of tens of meters, and it can be infiltrated over a distance of hundreds of meters and even kilometers at a rate of 100 bits/sec.

Data transmission rates can be increased significantly if more than one security camera is used by the attacker. Videos have been published to show how the infiltration and exfiltration attacks work:

Ben-Gurion researchers have dedicated a lot of their time to finding ways to exfiltrate and infiltrate data on air-gapped networks. Their previous work involved using router LEDsscannersHDD activity LEDs, USB devices, the noise emitted by hard drives and fans, and heat emissions.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.