SoylentNews is people

posted by Fnord666 on Wednesday September 20 2017, @08:21PM
from the (stolen)-data-wants-to-be-free dept.

Submitted via IRC for SoyCow1937

Researchers have devised malware that can jump airgaps by using the infrared capabilities of an infected network's surveillance cameras to transmit data to and from attackers.

The malware prototype could be a crucial ingredient for attacks that target some of the world's most sensitive networks. Militaries, energy producers, and other critical infrastructure providers frequently disconnect such networks from the Internet as a precaution. In the event malware is installed, there is no way for it to make contact with attacker-controlled servers that receive stolen data or issue new commands. Such airgaps are one of the most basic measures for securing highly sensitive information and networks.

The proof-of-concept malware uses connected surveillance cameras to bridge such airgaps. Instead of trying to use the Internet to reach attacker-controlled servers, the malware weaves passwords, cryptographic keys, and other types of data into infrared signals and uses a camera's built-in infrared lights to transmit them. A nearby attacker then records the signals with a video camera and later decodes embedded secrets. The same nearby attackers can embed data into infrared signals and beam them to an infected camera, where they're intercepted and decoded by the network malware. The covert channel works best when attackers have a direct line of sight to the video camera, but non-line-of-sight communication is also possible in some cases.

Researchers at Israel's Ben-Gurion University of the Negev and Shamoon College of Engineering said the malware establishes a two-way channel that attackers can use to communicate with compromised networks even when they're air-gapped. The covert channel can transmit data from a video camera to an attacker at 20 bits per second and from an attacker transmitter to a video camera at 100 bits per second. When more than one camera is used in the attacks, the bit rate may be increased further.

Source: https://arstechnica.com/information-technology/2017/09/attackers-can-use-surveillance-cameras-to-grab-data-from-air-gapped-networks/
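
A defender's view of the outbound channel described above, as an added example that is not from the article or the researchers: a camera whose IR LEDs carry data at 20 bits per second has to change LED state far more often than dusk/dawn switching ever does. The telemetry line format, camera names, window and threshold are assumptions, as is the premise that the camera or video management system reports IR state changes at all.

```python
from collections import defaultdict, deque

# Assumption: ambient-light switching changes IR LED state a few times a day,
# while a channel at the reported 20 bit/s needs many changes per second.
WINDOW_S = 10.0      # sliding window length in seconds (assumed)
MAX_TOGGLES = 4      # state changes tolerated per window (assumed)

def parse_event(line):
    """Parse a constructed 'epoch_seconds camera_id ir=on|off' telemetry line."""
    ts, cam, state = line.split()
    if state not in ("ir=on", "ir=off"):
        raise ValueError(f"bad IR state: {line!r}")
    return float(ts), cam, state == "ir=on"

def flag_ir_signalling(lines, window_s=WINDOW_S, max_toggles=MAX_TOGGLES):
    """Return {camera_id: peak state changes in any window} for cameras over the limit."""
    last_state = {}
    recent = defaultdict(deque)   # camera -> timestamps of recent state changes
    peak = defaultdict(int)
    for ts, cam, on in sorted(parse_event(l) for l in lines if l.strip()):
        if cam in last_state and last_state[cam] != on:
            q = recent[cam]
            q.append(ts)
            # Drop changes that have fallen out of the sliding window.
            while q and ts - q[0] > window_s:
                q.popleft()
            peak[cam] = max(peak[cam], len(q))
        last_state[cam] = on
    return {cam: n for cam, n in peak.items() if n > max_toggles}

# Constructed sample telemetry: cam-lobby enters night mode once;
# cam-dock flips its IR LEDs every 50 ms for two seconds.
SAMPLE = ["1000.0 cam-lobby ir=off", "1600.0 cam-lobby ir=on"]
SAMPLE += [f"{2000 + i * 0.05:.2f} cam-dock ir={'on' if i % 2 else 'off'}"
           for i in range(40)]

if __name__ == "__main__":
    for cam, n in flag_ir_signalling(SAMPLE).items():
        print(f"{cam}: {n} IR state changes within {WINDOW_S:.0f}s")
```
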


  • (Score: 2) by jmorris (4844) on Thursday September 21 2017, @02:44AM (#570959)

    All you really need is to replace the firmware in the camera. It has enough processing power to do the heavy lifting and send / receive a payload to the worm inside the network. And for the sort of actors who really worry about this, the nightmare scenario is assuring the camera didn't ship from China preloaded, just waiting on a magic IR signal to awaken and begin work.

    And yes, shine lights at it. Infrared laser, very short bursts. But there is no rule that says the reception even need be IR, it could react to any visual stimulus you can imagine. So long as it doesn't induce odd power spikes from the image processing noticeable on the PoE switch's logs the sky is the limit. You could roll a truck by with a QR code on the side in the otherwise forgettable artwork and have it accept a command.

    And if you can't get the camera you can try to get the server storing and processing the video. Bigger chance of somebody noticing the additional workload there so more dangerous unless it is very simple signaling.