Hackers can use Surveillance Cameras and Infrared Light to Transfer Signals to Malware

Organizations use to protect their internal networks from Internet attacks by using firewalls, intrusion detection systems(IDSs) and intrusion prevention systems (IPSs). For a higher degree of protection, so-called ‘air-gap‘ isolation is used.

Once the malware deployed attackers try to establish communication over the covert channel to bypass IPS, IDS, and Firewalls. Over the years various covert channels used by attackers.

Security researchers from Ben-Gurion University of the Negev (BGU) introduced a new covert channel which uses the Infrared and Surveillance camera as a Communication Channel and they Named as aIR-Jumper.

Targeting air-gapped Computers

Air-gap computers need to be compromised with Malware by using Social Engineering methods are by using Insiders. Once deployed malware search for Surveillance camera by using Open ports, IP address and MAC header Response.

Once network mapped malware tries to connect with cameras by stealing the password from Computer or by exploiting the vulnerability to control the IR LEDs. Researchers published a PoC explaining technical details.

Also Read AES-256 keys can be sniffed within Seconds Using €200 Worth Hardware kit

Data Exfiltration and Infiltration – Surveillance Cameras

With Exfiltration scenario, Malware that presents inside the organization can get to the surveillance cameras across the local network and controls the IR illumination.

Then it transfers sensitive data like PIN codes, passwords, and encryption keys are then modulated, encoded and transmitted over the IR signals.An attacker who is sitting in the line of sight can retrieve these IR signals and decode it.

Many surveillance and security cameras monitor public areas which allow attackers to easily establish a line of sight with them.

Researchers said For testing and evaluation, we executed a program which encodes a binary file and transmits it by means of the IR LEDs. The program catches the camera’s IP, the encoding along with the IR intensities’ (amplitudes) timing parameters and the binary file to transmit.

Infiltration

With the infiltration scenario, an attacker standing in a public area uses IR LEDs to send hidden signals to the surveillance camera(s). Binary data such as command and control (C&C) and beacon messages are encoded on top of the IR signals.

The signals covered in the video stream are then intercepted and decoded by the malware residing on the network. The exfiltration and infiltration can be combined to establish bidirectionally, ‘air-gap’ communication between the compromised network and the attacker.

Since surveillance cameras can receive light in the IR wavelength, it is conceivable to deliver data into the organization through the video stream recorded by the surveillance cameras, using covert IR signals.

Detection and Countermeasures

Detection can be done at the network level by deep packet inspection, by monitoring the network traffic from hosts in the network to the surveillance cameras.

Disabling the IR LEDs in the surveillance cameras may prevent the exfiltration channel presented in this paper.

The infiltration channel can be prevented by adding an IR filter to the surveillance camera.

Guru baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government entities and energy companies.  The attackers,…

4 hours ago

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to dismantle its operations. Initially detected in…

4 hours ago

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source nature. However, it has a big…

4 hours ago

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation, and growth. However, this shift towards…

4 hours ago

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed light on the growing concerns within…

8 hours ago

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse engineering .NET malware.  The write-up outlines…

9 hours ago