Hacking Into Security Cameras From Parking Lots
Hacking Into Security Cameras From Parking Lots
September 25, 2017
Discover — Where there’s a will, there’s a way, and hackers have plenty of will and countless ways to attack a secure network—even if it’s not connected to the internet.
Dr. Mordechai Guri, head of research and development for BGU’s Cyber Security Research Center (CSRC)
In the latest demonstration proving no network is safe, researchers from Ben-Gurion University of the Negev led by Dr. Mordechai Guri, head of research and development for BGU’s Cyber Security Research Center (CSRC), used security cameras equipped with night vision to send and receive data from a network that wasn’t even connected to the internet.
Jumping the Gap
Organizations with internet-connected networks use a host of security software to keep nefarious hackers out of the network. But for even greater security, firms and government entities set up “air-gap” networks, meaning networks that aren’t physically connected to the Web. To bypass this “air gap,” a hacker needs to embed malware into an air-gap network. This could be accomplished by using a malicious insider, or simply selling a USB with malware loaded on it.
In 2008, for example, Ben-Gurion University researchers say a United States military network was compromised after a foreign intelligence agency supplied infected thumb drives to retail kiosks near NATO headquarters in Kabul, Afghanistan. Once malware plants itself in an air-gap system, a hacker’s next step is to set up a channel of communication. And that’s where the security cameras come in.
The BGU researchers demonstrated how a potential hacker, standing in a parking lot, could send and receive data using a security camera’s infrared LEDs. They could obtain information about passwords, PIN codes and encryption keys.
The researchers also showed how the process could work in reverse. Essentially, they established a two-way communication channel with a network that was “off the grid.”
This method of hacking networks is particularly troubling because many organizations that store sensitive information about customers have public parking lots. And further, infrared light is invisible to the naked eye, which makes it difficult for a passer-by or security guard to spot nefarious behavior.
It’s troubling to see how vulnerable networks can be. Fortunately, there are folks like the team at BGU who continue to work hard to exploit hackers’ weaknesses and recommend fixes before sensitive information can be manipulated or stolen.
Read the full story on Discover>>
Stories Like This
