AIR-Jumper: How can security camera lights transmit data?

Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to prevent it with expert Nick Lewis.

Researchers at Ben-Gurion University in Israel developed a proof-of-concept exploit called aIR-Jumper that uses lights within security cameras for both data exfiltration and infiltration of air-gapped networks. How does this attack work? Should enterprises take any preventative steps with their security cameras?

Side-channel, covert-channel and similar sensor-based attacks are typically used in targeted campaigns because they are resource-intensive, require physical access to a particular system and take a high level of skill. Even though these prerequisites decrease the chance that an enterprise will be attacked in this way, enterprises should not stop assessing the risk of targeted attacks in their high-security environments.

Once the highest risks are addressed, an enterprise may want to determine if any resources should be devoted to targeted attacks. Likewise, manufacturers of devices and systems that are used in high-security environments should evaluate their products to see if they can prevent them from being used in a targeted attack.

The researchers at Ben-Gurion University developed aIR-Jumper to leverage lights within security cameras as a covert channel to transmit data. As surveillance cameras are not known to incorporate general security practices, it's not surprising that they open an environment to significant unknown risk when they're not secured.

In this attack, it is assumed that malicious software is installed on an air-gapped network, and that security cameras are accessible from the infected system. This is a reasonable scenario in a remote location that lacks an internet connection.

The aIR-Jumper attack uses preinstalled malware to connect to unsecured security cameras, and it can then turn the infrared light on and off to transmit data. Some security cameras can be controlled via API calls to the web interface, which is how the researchers were able to turn the infrared light on and off to create the covert channel. The malware receives data by monitoring the video stream for the same infrared signals used to transmit the data, and then decodes it to use for a command-and-control connection.

Regardless of the attack details, enterprises should ensure security cameras and other insecure devices are separated from the rest of their network to limit the risk those devices pose.
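Because the channel described above depends on switching the infrared light on and off through the camera's web interface, one place to look for it is the camera's access log. The following detection sketch is an added example, not code from the researchers or from any camera vendor; the log format, the `/api/ir_led` path, the IP addresses and the thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format: "<ISO time> <client IP> <method> <path> <status>".
# The /api/ir_led path is a placeholder, not any real camera's API.
LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d{3})$")
IR_PATH_RE = re.compile(r"^/api/ir_led\?state=(on|off)$")

def find_ir_toggle_bursts(lines, window=timedelta(seconds=60), max_changes=4):
    """Return {client_ip: peak state changes per window} for clients that
    change the IR LED state more than max_changes times inside any window."""
    recent = defaultdict(deque)   # client -> timestamps of recent state changes
    last_state = {}               # client -> last IR state it requested
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore malformed lines
        ts, client, _method, path, status = m.groups()
        ir = IR_PATH_RE.match(path)
        if not ir or not status.startswith("2"):
            continue              # only successful IR LED requests count
        if last_state.get(client) == ir.group(1):
            continue              # same state requested again: no visible change
        last_state[client] = ir.group(1)
        now = datetime.fromisoformat(ts)
        q = recent[client]
        q.append(now)
        while now - q[0] > window:
            q.popleft()           # drop changes older than the window
        if len(q) > max_changes:
            flagged[client] = max(flagged.get(client, 0), len(q))
    return flagged

def build_sample_log():
    """Constructed sample: a recorder toggling at dusk/dawn, one host toggling fast."""
    t0 = datetime(2018, 3, 1, 18, 0, 0)
    lines = [f"{t0.isoformat()} 10.0.5.10 POST /api/ir_led?state=on 200",
             f"{(t0 + timedelta(hours=12)).isoformat()} 10.0.5.10 POST /api/ir_led?state=off 200",
             f"{t0.isoformat()} 10.0.5.77 GET /api/snapshot 200"]
    for i in range(24):           # 24 alternating changes, one every 2 seconds
        state = "on" if i % 2 == 0 else "off"
        ts = (t0 + timedelta(hours=6, seconds=2 * i)).isoformat()
        lines.append(f"{ts} 10.0.5.77 POST /api/ir_led?state={state} 200")
    return sorted(lines)          # ISO timestamps sort chronologically

if __name__ == "__main__":
    for client, peak in find_ir_toggle_bursts(build_sample_log()).items():
        print(f"{client}: {peak} IR LED state changes within 60 s")
```

A camera that only switches its infrared light at day/night transitions stays well under the threshold, so the window and limit should be tuned against a baseline of normal behavior for the specific devices.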


This was last published in March 2018
