aIR-Jumper: Covert air-gap exfiltration/infiltration via security cameras & infrared (IR)

Mordechai Guri, Dima Bykhovsky

Research output: Contribution to journal › Article › peer-review

27 Scopus citations

Abstract

Breaching highly secure networks with advanced persistent threats (APTs) has been proven feasible in the last decade; however, communication between the attacker outside the organization and the APT inside the organization is not possible if the compromised network is disconnected from the Internet. In this paper, we show how attackers can exploit surveillance cameras to establish covert communication between the air-gapped networks of organizations and remote attackers. We present bidirectional communication allowing inbound and outbound data transfer.

Infiltration. An attacker standing in a public area (e.g., in the street) uses near infrared light (NIR) to transmit hidden signals to the surveillance camera(s). Such NIR signals at a wavelength of 800–900 nm are invisible to humans, but cameras are optically sensitive to this type of light. Binary data is encoded and modulated on top of the IR signals. The signals hidden in the video stream are then intercepted and decoded by the malware residing in the internal network.

Exfiltration. Surveillance and security cameras are equipped with controllable IR LEDs which are used for night vision. We show that the malware can control the strength of the IR illumination. Sensitive data such as PIN codes, passwords, and encryption keys are then modulated, encoded, and transmitted over the IR signals. An attacker in a public area (e.g., in the street) with a line of sight to the surveillance camera records the IR signals and decodes the leaked information.

We discuss related work on air-gap covert channels and provide scientific background about our optical channel. Our evaluation shows that an attacker can establish bidirectional communication with the internal networks from distances of tens of meters to kilometers away via surveillance cameras and IR light.

Original language: English
Pages (from-to): 15-29
Number of pages: 15
Journal: Computers and Security
Volume: 82
State: Published - 1 May 2019
