Hackers can steal data from air-gapped network computers using IR CCTV cameras

Recently, researchers from Israel's Ben Gurion University have described several ways to extract sensitive information from computers in closed, air-gapped networks.

Computers in an air-gapped network are separated from the Internet and from the local network, which is said to make them the safest and the most difficult to penetrate. These networks have been the subject of research for many years, as researchers try to describe every possible attack scenario that could undermine the safety of these isolated networks.

Now the same researchers have found another way to steal sensitive information from an air-gapped computer, this time with the help of infrared CCTV cameras used for night vision.

The attack scenario, called aIR-Jumper, consists of an air-gapped computer (from which data is to be stolen) and a CCTV network (at least one CCTV camera installed inside, in front of the air-gapped computer, and a side-mounted CCTV camera in addition). It assumes that the two networks are not connected to each other and that neither is connected to an outside network.

Picture 1: Stolen-data transmission model

Taking as given that the air-gapped computer and the CCTV network are already infected with malware, the research focuses on how the malware transfers the stolen data back to the attacker.

To read and send data, the aIR-Jumper malware on the air-gapped computer and the CCTV network flashes IR LEDs in a coded sequence, transferring files as binary data (0s and 1s).

Data is transmitted from the video camera at a rate of 20 bits per second over a distance of 10 meters, and from the attacker to the video camera at 100 bits per second, even in the dark.

Because the attack transfers files bit by bit as binary data, the attacker will not be able to retrieve large files, but can obtain passwords, encryption keys, PIN codes and other sensitive data on the computer.
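A defender can look for this kind of signalling in a trace of a camera's IR LED brightness, since the channel depends on the LED toggling many times per second. The following is an added example, not code from the researchers or the article; it assumes brightness samples on a 0-255 scale at a known sample rate and that a night-vision IR LED normally stays steadily on or off, and the trace it scans is constructed.

```python
# Added example: defender-side check for on-off keying in an IR LED trace.
# Assumptions (not from the article): brightness is sampled 0-255 at a known
# rate, and a night-vision IR LED normally stays steadily on or off.

def run_lengths(states):
    """Lengths, in samples, of consecutive equal states."""
    runs, count = [], 1
    for prev, cur in zip(states, states[1:]):
        if cur == prev:
            count += 1
        else:
            runs.append(count)
            count = 1
    runs.append(count)
    return runs

def scan(brightness, sample_rate_hz, window_s=2.0, max_toggles=2, min_contrast=50):
    """Return (start_second, toggles, est_bits_per_s) per suspicious window."""
    # Empty input, or sensor noise on a steady LED, is not keying.
    if not brightness or max(brightness) - min(brightness) < min_contrast:
        return []
    threshold = (min(brightness) + max(brightness)) / 2
    states = [1 if b > threshold else 0 for b in brightness]
    size = int(window_s * sample_rate_hz)
    findings = []
    for start in range(0, len(states) - size + 1, size):
        runs = run_lengths(states[start:start + size])
        toggles = len(runs) - 1
        if toggles > max_toggles:
            # Edge runs may be cut by the window; the shortest interior run
            # approximates one bit period.
            interior = runs[1:-1] or runs
            rate = sample_rate_hz / min(interior)
            findings.append((start / sample_rate_hz, toggles, rate))
    return findings

def constructed_trace(sample_rate_hz=100, bits_per_s=20):
    """Constructed sample: 4 s steady, 2 s keyed at bits_per_s, 4 s steady."""
    per_bit = sample_rate_hz // bits_per_s
    keyed = [int(b) for b in "10110010" * 5 for _ in range(per_bit)]
    states = [1] * 400 + keyed + [1] * 400
    return [(200 if s else 20) + i % 3 for i, s in enumerate(states)]

if __name__ == "__main__":
    for start, toggles, rate in scan(constructed_trace(), 100):
        print(f"window at {start:.0f}s: {toggles} toggles, ~{rate:.0f} bit/s")
```

The window length and toggle threshold are tuning choices; a trace sampled too slowly for the bit rate will under-report toggles.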

'Under this scenario, the attacker stands in public, using an IR LED to transmit signals to surveillance cameras. Binary data such as messages from C&C are encrypted on it.'

The researchers also released two videos that illustrate two attack scenarios.

The first video shows how malware installed on the air-gapped computer collects data, converts it to binary, and then flashes the LED. At the same time, the camera captures the signal, and the malware installed on the camera converts the code back into binary.

In the second video, another camera connected to the internal network is placed outside (in the parking lot) and transmits the stolen binary data to the attacker, who is sitting in a car, by flashing its IR LED in sequence.

The CCTV camera acts as a bridge between the air-gapped computer and the attacker, serving as the channel that carries data between them.
