Security camera
IR is invisible to the human eye but can reveal sensitive data about CCTV cameras Rob Sarmiento/Unsplash

Security cameras that have been infected with malware can be hacked using infrared light to leak sensitive information or break into homes, a team of university researchers has found.

Cybersecurity experts from Ben-Gurion University of the Negev (BGU) in Israel released an academic paper this week (19 September) detailing how a technique – known as "aIR-Jumper" – can be used against both professional and home security hardware.

The method, researchers found, works by detecting infrared light (IR), which is not visible to the human eye.

It helped create bidirectional, covert, communication between "air-gapped" networks, which are systems isolated and disconnected from the internet.

The researchers found that malware could control the intensity of the IR to communicate with a remote attacker who would then receive the signals, with a simple camera, without detection.

Then the attacker could record and decode these signals to obtain or leak sensitive information.

"Infrared light is invisible to humans, but cameras are optically sensitive to this type of light," the paper noted. It showed the aIR-Jumper technique could be used to infiltrate security cameras and exfiltrate data – including Pin codes, passwords and encryption keys.

Data can be covertly exfiltrated from a targeted camera up to 10m away and infiltrated from a distance of "hundreds of metres to kilometres" away, the team said.

Dr Mordechai Guri, head of research and development for BGU's Cyber Security Research Centre (CSRC), said: "Theoretically, you can send an infrared command to tell a high-security system to simply unlock the gate or front door to your house.

"Security cameras are unique in that they have 'one leg' inside the organisation, connected to the internal networks for security purposes, and the 'other leg' outside the organisation aimed specifically at a nearby public space."

This, Guri said, can provide "convenient optical access from various directions and angles."

The researchers shot two videos, both uploaded to YouTube, to demonstrate their technique. The first shows an attacker sending infrared signals to a camera. The second shows the camera (which is already infected with malware) responding to covert signals by exfiltrating data.

The research team also included Dr Dima Biekowski, Shamoon College of Engineering, and Prof Yuval Elovici, director of the Cyber Security Research Centre.

This is not the first time that BGU cybersecurity researchers have used transmissions to help tamper with products. In February, one team – also led by Guri - found blinking LED lights built into PCs, laptops and servers could be used to hijack data from air-gapped machines.