CCTV cameras enslaved to infiltrate air-gap networks
CCTV cameras can be compromised to create a pathway for attackers to infiltrate and steal information from air-gapped networks.
Tech Pro Research
A cybersecurity team from Ben-Gurion University of the Negev, Israel, led by Dr. Mordechai Guri, published research on Tuesday demonstrating the attack.
Air-gapped networks and PCs are isolated from the internet and are also physically separated from local networks in order to prevent attackers compromising weak links in a chain to eventually reach these systems which may be used to process or store valuable, sensitive, and confidential data.
By design, these networks are focused on security and should be difficult to infiltrate. However, the new attack, dubbed aIR-Jumper, uses infrared light to bypass these protections.
According to the research paper, infrared light may be invisible to human senses, but cameras are sensitive to the presence of this kind of light. CCTV cameras are equipped with IR LEDs, used for night vision, and are perfect for the aIR-Jumper technique to exploit.
As such, malware used to compromise surveillance cameras can be used to establish "bi-directional covert communication" between internal corporate networks and remote attackers. The malicious code can also be used to "access the surveillance cameras across the local network and controls the IR illumination" in order to transmit data.
Guri says that the lights can be used to transmit hidden signals to surveillance cameras, including PIN codes, passwords, and encryption keys which are modulated, encoded, and then transferred to attackers.
In two scenarios, the team demonstrated how the lighting systems could be used to connect attackers to a compromised network. In one case, exfiltration -- the leak of data -- was possible, while in an infiltration attack scenario, data was sent into the network.
"In an infiltration scenario, an attacker standing in a public area (e.g., in the street) uses IR LEDs to transmit hidden signals to the surveillance camera(s)," the paper reads. "Binary data such as command and control (C&C) and beacon messages are encoded on top of the IR signals."
"Our evaluation of the covert channel shows that data can be covertly exfiltrated from an organization at a rate of 20 bit/sec per surveillance camera to a distance of tens of meters away," the researchers say. "Data can be covertly infiltrated into an organization at a rate of over 100 bit/sec per surveillance camera from a distance of hundreds of meters to kilometers away."
This is not the first time the team at the university has explored how lighting can be used to infiltrate air-gapped networks. Earlier this year, Dr. Guri described a method to steal information using LED lights found on routers and switches.
The research paper (.PDF) explained that custom malware can extract binary data from LED lighting, alongside encryption keys, passwords, and files.
The team has also created a number of other attacks, such as Bitwhisper, which uses thermal currents; GSMem, which uses GSM frequencies to steal information from air-gapped networks, and AirHopper, a technique which uses radio frequencies.
Previous and related coverage
You're not safe offline: Router LED lights can steal your data
Whether your PC is physically connected to a network or not, a router or switch can be used to compromise your data.
Dell launches threat protection for air-gapped enterprise systems
The security suite is aimed at isolated systems which are not invulnerable to attack in this day and age.
Think you're safe from hackers offline? This drone steals data from a PC's blinking LED
If you've got an air-gapped computer, it might be time to cover up the hard drive's leaky flashing LED lights.