All CCTV Cameras Exposed to Infrared Attacks

Proof-of-concept malware known as aIR-Jumper could be used for defeating air-gapped network protections, and then send the data in and out of the targeted network. Technique works by using surveillance cameras and the infrared LED lights which could blink back and forward to each other to transmit data.

Researchers Dima Bykhovsky, Mordechai Guri and Yuval Elovici of the Ben-Gurion University devised the attack and published their discovery early this week. They wrote: "Attackers can use surveillance cameras and infrared light to set-up covert communication, which can function in two directions, between remote attackers and the internal networks of organizations.

This means that the attack can be used both to 'infiltrate' and 'exfiltrate' data from outside. While exfiltrating, the malware inside the organization will enter the cameras via local network to control their IR illumination as per the details given in the research paper. Firstpost.com posted on September 21st, 2017, stating that the malware will then capture all passwords, PIN codes and encryption keys and then 'modulate, encoded' and then later transmit them over the IR signal from the surveillance cameras.

According to researchers, in another incident of infiltration, a remote hacker delivers information to the internal networks of the organization which might contain C&C messages for the aIR-Jumper malware residing in the network. Researchers claimed that sensitive data like passwords, PIN codes, keylogging data and encryption keys can be encoded, modulated and transmitted over the IR signals outside the air-gapped network by using this technique.

Big caveats to hack are any targeted air-gapped network that must already have been infected with aIR-Jumper malware, and the infected networks should be connected to the surveillance cameras that are visible to the external hackers. In those conditions, malware could target the application program interfaces of a camera for either modulating the infrared LED lights for sending data or interpreting the external blinking infrared LED lights as commands.

According to researchers, more worrying about leaking data in this summer is that hackers can secretly 'infiltrate' the network of an organization at a rate of 'more than 100 bit/sec' on every surveillance camera. This attack can be executed 'from a distance of hundreds of meters to kilometers away. This means that attackers can break the system from a distance of kilometers at a much higher rate of data transfer.

» SPAMfighter News - 10/4/2017