Setting aside how the air-gapped network and the CCTV system become infected with malware, the research focuses on how the malware transfers the stolen data back to the attacker.
To read and send data, the aIR-Jumper malware on the air-gapped computer and the CCTV network flashes the IR LEDs in a code-like sequence, transferring files as binary data (0s and 1s).
Data is transmitted from the video camera at a rate of 20 bits per second over a distance of 10 meters, and from an attacker to a video camera at 100 bits per second, even in the dark.
Because the attack steals files as binary data, the attacker will not be able to retrieve large files, but can obtain passwords, encryption keys, PIN codes and other sensitive data on the computer.
'Under this scenario, the attacker stands in public, using an IR LED to transmit signals to surveillance cameras. Binary data such as messages from C&C are encrypted on it.'
The researchers also released two videos that illustrate two attack scenarios.
The first video shows how malware installed on the air-gapped computer collects data, converts it to binary, and then flashes the LED. At the same time, the camera captures the signal, and the malware installed on it converts the code back into binary.
In the second video, another camera connected to the internal network is placed outside (in the parking lot) and transmits the stolen binary data, as a sequence of IR LED flashes, to the attacker sitting in a car.
The CCTV camera acts as a bridge between the air-gapped computer and the attacker, serving as the channel that carries the data between them.
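A defender-side check for the signaling described above, added here as an example and not code from the researchers: it scans a log of a camera's IR LED state for bursts of rapid on/off switching, which is what binary keying at about 20 bits per second looks like next to normal day/night switching. The log format (timestamp in ms, LED state), the 10 ms sampling interval, the thresholds and all function names are assumptions, and the sample data is constructed.

```python
def transition_times(samples):
    """Timestamps (ms) where the sampled LED state differs from the previous sample."""
    return [t for (_, prev), (t, cur) in zip(samples, samples[1:]) if cur != prev]


def find_keyed_bursts(samples, max_gap_ms=1000, min_transitions=8):
    """Group state changes into bursts and report those that look like on/off keying.

    A camera's IR LED normally changes state a handful of times per day
    (day/night mode). Thresholds here are assumptions to tune per site.
    """
    bursts, current = [], []
    for t in transition_times(samples):
        if current and t - current[-1] > max_gap_ms:
            bursts.append(current)
            current = []
        current.append(t)
    if current:
        bursts.append(current)

    findings = []
    for burst in bursts:
        if len(burst) < min_transitions:
            continue  # isolated switch, e.g. dusk or dawn
        shortest = min(b - a for a, b in zip(burst, burst[1:]))
        findings.append({
            "start_ms": burst[0],
            "end_ms": burst[-1],
            "transitions": len(burst),
            "est_bits_per_s": 1000 / shortest,  # shortest run ~ one bit period
        })
    return findings


def constructed_samples():
    """Constructed log, 10 ms sampling: day, night mode, then a 20 bit/s keyed burst."""
    samples = [(t, 0) for t in range(0, 5000, 10)]        # daytime, LED off
    samples += [(t, 1) for t in range(5000, 10000, 10)]   # night mode, LED steadily on
    t = 10000
    for bit in "0101100111000101101001110010":            # constructed bit pattern
        samples += [(t + dt, int(bit)) for dt in range(0, 50, 10)]  # 50 ms per bit
        t += 50
    samples += [(ts, 1) for ts in range(t, t + 5000, 10)]  # steady night mode again
    return samples


if __name__ == "__main__":
    for finding in find_keyed_bursts(constructed_samples()):
        print(finding)
```

The single dusk switch in the constructed log is ignored, while the keyed burst is reported with an estimated rate matching the 20 bits per second quoted above.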