SoylentNews is people

posted by Fnord666 on Wednesday September 20 2017, @08:21PM
from the (stolen)-data-wants-to-be-free dept.

Submitted via IRC for SoyCow1937

Researchers have devised malware that can jump airgaps by using the infrared capabilities of an infected network's surveillance cameras to transmit data to and from attackers.

The malware prototype could be a crucial ingredient for attacks that target some of the world's most sensitive networks. Militaries, energy producers, and other critical infrastructure providers frequently disconnect such networks from the Internet as a precaution. In the event malware is installed, there is no way for it to make contact with attacker-controlled servers that receive stolen data or issue new commands. Such airgaps are one of the most basic measures for securing highly sensitive information and networks.

The proof-of-concept malware uses connected surveillance cameras to bridge such airgaps. Instead of trying to use the Internet to reach attacker-controlled servers, the malware weaves passwords, cryptographic keys, and other types of data into infrared signals and uses a camera's built-in infrared lights to transmit them. A nearby attacker then records the signals with a video camera and later decodes embedded secrets. The same nearby attackers can embed data into infrared signals and beam them to an infected camera, where they're intercepted and decoded by the network malware. The covert channel works best when attackers have a direct line of sight to the video camera, but non-line-of-sight communication is also possible in some cases.

Researchers at Israel's Ben-Gurion University of the Negev and Shamoon College of Engineering said the malware establishes a two-way channel that attackers can use to communicate with compromised networks even when they're air-gapped. The covert channel can transmit data from a video camera to an attacker at 20 bits per second and from an attacker transmitter to a video camera at 100 bits per second. When more than one camera is used in the attacks, the bit rate may be increased further.

Source: https://arstechnica.com/information-technology/2017/09/attackers-can-use-surveillance-cameras-to-grab-data-from-air-gapped-networks/

  • (Score: 1, Interesting) by Anonymous Coward on Wednesday September 20 2017, @08:45PM (#570840)

    Not only that, but each and every time I heard about such "air gapped malware", it seems to always be from Israel's Ben-Gurion University.

    I suspect they have a very good online PR person. Perhaps getting this exposure is how they can turn around and claim more funding. It does get a bit boring though, as they seem to regurgitate the obvious every single time, like you explained.

  • (Score: 0) by Anonymous Coward on Wednesday September 20 2017, @10:00PM (#570868)

    Thought the same. But it wasn't the usual list of people from previous papers that were like "cause {fan, cpu, disk lights, ...} to generate Morse code, detect it, and get paper published".