Security cameras ARE a security risk: Researchers demonstrate how they can be hacked to exploit sensitive information
By Frances Bloomfield // Sep 23, 2017

A team of Israeli security researchers have demonstrated how hackers could use infrared light (IR) to control the behavior of malware-infected security cameras. Through their proof-of-concept malware — dubbed “aIR-Jumper” — the researchers at Ben-Gurion University of the Negev (BGU) were able to extract and send information to these surveillance devices, the process of which they detailed in their paper.

Led by Dr. Mordechai Guri, the team utilized IR light to achieve optical communication between air-gapped internal networks, or computers that have been isolated and disconnected from the internet. These types of computers are usually considered safe thanks to their detachment, yet Guri and his colleagues found that using malware to manipulate the intensity of IR light can give hackers free reign to access, encode, and transmit sensitive data.

The researchers made two videos to illustrate their point. In the first video, known as the exfiltration scenario, an attacker accessed the security cameras with the help of the aIR-Jumper malware to command IR light illumination. They then used IR signals to transmit sensitive data like passwords, PIN codes, and encryption keys.

In the second video, or the infiltration scenario, an attacker hundreds of yards away sent hidden IR signals to the security camera. Beacon messages and command and control (C&C) could be encoded into these IR signals and then intercepted by the malware hiding in the network to influence the behavior of the security cameras.

Additionally, the researchers noted that the covert channel could send data from a security camera to an attacker at the rate of 20 bits per second; conversely, an attacker could send data to a security camera at around 100 bits per second, though the bit-rate may be boosted by the use of a camera.

What's more is that, according to the researchers, these scenarios are applicable to any device that can detect IR light. These include professional surveillance cameras, home security cameras, and LED doorbells.

“Security cameras are unique in that they have 'one leg' inside the organization, connected to the internal networks for security purposes, and 'the other leg' outside the organization, aimed specifically at a nearby public space, providing very convenient optical access from various directions and angles,” said Guri. (Related: Is the whole world watching your private home security camera? 73,000 now online.)

He further added: “Theoretically, you can send an infrared command to tell a high-security system to simply unlock the gate or front door to your house.”

About aIR-Jumper

aIR-Jumper has become the latest demonstration of security vulnerability from Guri and his team, according to ArsTechnica.com. Previous efforts include a technique that gives an infected computer's video card the ability to transmit radio signals to smartphones capable of receiving FM signals, and an air-gap jumper that can relay data through acoustic signals emitted from the hard drive.

What makes aIR-Jumper unique is that those using it don't need to be directly in the line of sight of the video camera for it to work. As long as the area surrounding the camera is irradiated by IR lights, then an attacker can use aIR-Jumper to hack into the camera. aIR-Jumper has proven to be just as effective against networks protected by firewalls and other security systems as it can easily bypass these measures even without physical access.

However dangerous aIR-Jumper is, it is still possible to render it useless by placing security cameras in zones optically inaccessible to potential attackers.

Go to Surveillance.news to become aware of the other possible security dangers lurking in your home.

Sources include:

ScienceDaily.com

Arxiv.org

ArsTechnica.com



Take Action:
Support NewsTarget by linking to this article from your website.
Permalink to this article:
Copy
Embed article link:
Copy
Reprinting this article:
Non-commercial use is permitted with credit to NewsTarget.com (including a clickable link).
Please contact us for more information.
Free Email Alerts
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.

NewsTarget.com © 2022 All Rights Reserved. All content posted on this site is commentary or opinion and is protected under Free Speech. NewsTarget.com is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. NewsTarget.com assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published on this site. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

This site uses cookies
News Target uses cookies to improve your experience on our site. By using this site, you agree to our privacy policy.
Learn More
Close
Get 100% real, uncensored news delivered straight to your inbox
You can unsubscribe at any time. Your email privacy is completely protected.