Network Security, Vulnerability Management

Attackers can pull data from air-gapped networks’ surveillance cameras

Researchers have demonstrated a way for remote attackers to exfiltrate data from and send malicious commands to air-gapped networks, using infrared surveillance cameras that ironically are supposed to make the organizations using them more secure.

Dubbed aIR-Jumper, the air-gap covert channel attack was discovered by researchers Mordechai Guri and Yuval Elovici at Ben-Gurion University of the Negev and Dima Bykhovsky with the Shamoon College of Engineering (both institutions are based in Israel). According to the researchers' report, published this week, sensitive data such as PIN codes, passwords, encryption keys and keylogging information can be encoded onto the infrared light emitted by surveillance cameras and subsequently captured and deciphered by the attackers. Likewise, malicious actors can send command-and-control and beaconing messages to their victims' systems by transmitting infrared signals -- invisible to the human eye -- into the cameras.

Such an attack, however, requires several steps of compromise in order to succeed. The air-gapped systems would already have to be infected with malware, likely delivered via a flash drive, that is capable of both controlling networked cameras' illumination and decoding incoming infrared signals. Additionally, the security cameras need to be in proximity to the attackers, within their line or sight. And finally, in order to connect to the cameras, the attackers likely would need to steal a password, perhaps by exploiting a bug in the camera's software or firmware.

"Our evaluation of the covert channel shows that data can be covertly exfiltrated from an organization at a rate of 20 bit/sec per surveillance camera to a distance of tens of meters away," the report states. "Data can be covertly infiltrated into an organization at a rate of over 100 bit/sec per surveillance camera from a distance of hundreds of meters to kilometers away. These transmission rates can be increased further when several surveillance cameras are used."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.