Where there’s a will, there’s a way, and hackers have plenty of will and countless ways to attack a secure network—even if it’s not connected to the internet.
In the latest demonstration proving no network is safe, researchers at Ben-Gurion University of the Negev used security cameras equipped with night vision to send and receive data from a network that wasn’t even connected to the internet. Firewalls, intrusion detection and prevention systems…
Jumping the Gap
Organizations with internet-connected networks use a host of security software to keep nefarious hackers out of the network. But for even greater security, firms and government entities set up “air-gap” networks that aren’t physically connected to the web. Though hackers need to be a little more creative, these networks are still quite vulnerable.
As a first step, a hacker needs to embed malware into an air-gap network. This could be accomplished by using a malicious insider, or simply selling a USB with malware loaded on it. In 2008, for example, Ben-Gurion researchers say a United States military network was compromised after a foreign intelligence agency supplied infected thumb drives to retail kiosks near NATO headquarters in Kabul, Afghanistan. Once malware plants itself in an air-gap system, hackers’ next step is to set up a channel of communication. And that’s where the security cameras come in.
Security cameras use infrared LEDs to see at night, and the researchers used this simple function to send and receive data to a white-hat (good guy) hacker standing in a parking lot in one demonstration. Computers rely on a binary code of 1s and 0s, so researchers used a malware program that flashed a security camera’s infrared LEDs on and off at specified intervals to relay binary signals that contained information about passwords, PIN codes and encryption keys—anything, really.
The process also worked in reverse. The researchers used infrared light beams while standing in the parking lot to flash commands into the camera, which were then decoded by the malware embedded in the system. Essentially, they established a two-way communication channel with a network that was “off the grid.” Their illuminating findings were published earlier this week on the preprint server arXiv.
This method of hacking networks is particularly troubling because many organizations that store sensitive information about customers have public parking lots. And further, infrared light is invisible to the naked eye, which makes it difficult for a passer-by or security guard to spot nefarious behavior.
No Network Is Entirely Secure
Exploiting the infrared lights on a security camera is just one of many ways hackers can breach air-gap networks. Their methods are at once villainous and downright ingenious.
Hackers have used electromagnetic radiation from the computer screen and audio signals from a spinning hard drive or fan to generate binary messages and transmit data. In one attack, hackers designed malware that sends signals by blinking the caps-lock light into a camera. If it generates an optical, thermal, acoustic or electromagnetic signal, it can be used to relay information.
It’s certainly troubling to see how vulnerable networks can be. Fortunately, there are folks like the team at Ben Gurion working hard to exploit those weaknesses and recommend fixes before the bad guys can.