Subscriber Discussion

Hacking A Surveillance System Directly Thru Camera - Fake News?

Avatar
Robert Baxter
Nov 02, 2017

This article was brought to my attention. Tell me this is not so.

https://www.fastcompany.com/40470454/researchers-hack-malware-security-camera-over-airgap

 

Avatar
Brian Karas
Nov 02, 2017
IPVM

It is not "fake" in that you could built an exploit on something like this. However, you would need to first get access to the camera to load/modify some files that would allow it to use the IR capabilites for send/receive. Then, it would also be a fairly low-speed link.

Overall, this is not something where known exploits exist, or are very likely to be built. But, it is worth being aware of to help understand why IP cameras should be on segmented networks, kept updated, monitored, etc., if you are concerned about cyber security.

 

U
Undisclosed #1
Nov 02, 2017
IPVMU Certified

More info here at: IP Camera Use To Jump Air Gapped Networks

Main point is that the camera must be compromised to begin with.  Then covert IR communication could conceivably be used to trigger a DNS attack or upload new instructions.

IMHO, theorectical hack at best...

Avatar
Jon Dillabaugh
Nov 02, 2017
Pro Focus LLC

Their account of an "air gap" isn't really that. They mention one leg inside the private corporate network and one in the public space. That's not an air gap IMO.

But, the idea, although plausible, really is based upon having an infected camera that has access to the corporate network, where viable data resides. If you truly air gap the cameras from the remaining corporate network, this isn't going to yield the attacker much data.

U
Undisclosed #2
Nov 02, 2017
In reply to Jon Dillabaugh

Maybe in a year or two we learn that every camera has had a peculiar "debug modulation" turned on in their IRs that spilt the system parameters to the environment...mildly encrypted of course..

If you consider a scenario where the camera resides on an airgapped network, but there is a possibility for someone to infect the camera and then communicate with it another way, I would say that it results in jumping an air gap. What is in the network itself, be it just cameras or network shares too, isn't really relevant.

It's not just the data they might gather, but the control they could have, while the owner of the system may believe that nothing can happen because of the gap, but didn't consider other, more mechanical feats cameras can do.

U
Undisclosed #1
Nov 02, 2017
IPVMU Certified
In reply to Undisclosed #2

MM
Michael Miller
Nov 02, 2017
In reply to Jon Dillabaugh

On the videos I watched showing this hack they had outside cameras and inside cameras.  They used the IR on the outside cameras to transmit data from what the inside cameras where seeing to the outside world.

(1)
UI
Undisclosed Integrator #3
Nov 02, 2017
In reply to Michael Miller

Could you link the videos you are referring to Michael? I had a customer mention this type of attack to me last month, but I did not really understand what he was getting at. 

U
Undisclosed #1
Nov 02, 2017
IPVMU Certified
In reply to Undisclosed Integrator #3

(1)
UI
Undisclosed Integrator #3
Nov 02, 2017
In reply to Undisclosed #1

Thanks.

Avatar
Josh Hendricks
Nov 02, 2017
Milestone Systems

Great, now I'm going to be thinking of use cases for turning an IP camera into an IR blaster all day.

(1)
New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions