A cybersecurity team from Ben-Gurion University of the Negev, Israel, led by Dr. Mordechai Guri, published a report demonstrating that attackers could use surveillance cameras and infrared light to establish bi-directional, covert communication with the internal networks of organizations.
The report describes two methods with which attackers can exploit the technology: exfiltration and infiltration. In exfiltration, attackers can either use malware to access the surveillance cameras across the local network and controls the IR illumination. Sensitive data such as PIN codes, passwords, and encryption keys are then modulated, encoded, and transmitted over the IR signals.
The researchers described infiltration as an attacker standing in a public area and using IR LEDs to transmit hidden signals to the surveillance camera(s). Binary data such as command and control and beacon messages are encoded on top of the IR signals.
The exfiltration and infiltration can be combined, according to the report, to establish bidirectional, air-gap communication between the compromised network and the attacker, and data can be infiltrated into an organization from hundreds of meters away.
To read the report, visit arxiv.org/abs/1709.05742.