Researchers Hack Infrared Cameras to Steal Data

(By Dr. Mordechai Guri)

It was revealed in a disturbing story by BY DAN GOODIN in ars TECHNICA, that cyber researchers at the Ben-Gurion University of the Negev in Beersheba have developed a technique to hack security systems called 'aIR-Jumper'.

The technique requires malware to be installed on the system before the IR hack can take place, so, don't freak out that they can just flash an IR light into a security camera and get information. The system has to be compromised first. 

According to a story by ARS Technica:

The malware prototype could be a crucial ingredient for attacks that target some of the world's most sensitive networks. Militaries, energy producers, and other critical infrastructure providers frequently disconnect such networks from the Internet as a precaution. In the event malware is installed, there is no way for it to make contact with attacker-controlled servers that receive stolen data or issue new commands. Such airgaps are one of the most basic measures for securing highly sensitive information and networks.
The proof-of-concept malware uses connected surveillance cameras to bridge such airgaps. Instead of trying to use the Internet to reach attacker-controlled servers, the malware weaves passwords, cryptographic keys, and other types of data into infrared signals and uses a camera's built-in infrared lights to transmit them. A nearby attacker then records the signals with a video camera and later decodes embedded secrets. The same nearby attackers can embed data into infrared signals and beam them to an infected camera, where they're intercepted and decoded by the network malware. The covert channel works best when attackers have a direct line of sight to the video camera, but non-line-of-sight communication is also possible in some cases.

Look at this terrifying video of a drone using a laser to get information from a system.

(video by Cyber Security Labs @ Ben Gurion University)

This is where cybercrime is starting to get innovative. Combining off the shelf components, drones, IR lights and lasers and wifi to get into areas that used to require Tom Cruise and suction cup gloves to hack. If anything, these scientists are making espionage movies less thrilling. Still really interesting, but the stakes aren't as high when a $400 dollar drove falls to its death. 

This hack doesn't just apply to businesses, some home doorbells with LEDs that are connected to a security system. Remeber how the Cylon's took over every ship except the Galactica because it wasn't connected to any grid? So say we all. For more information, check out the story on ARS TECHNICA'S web page.