AIR-Jumper: How can security camera lights transmit data?

Source: Vsoftsystems, 10/09/2018

Researchers developed aIR-Jumper, an exploit that leverages lights
within security cameras to extract data. Learn how this attack works
and how to prevent it with expert Nick Lewis.
Researchers at Ben-Gurion University in Israel developed a
proof-of-concept exploit called aIR-Jumper that uses lights within
security cameras for both data exfiltration and infiltration of
air-gapped networks. How does this attack work? Should enterprises
take any preventative steps with their security cameras?
Side-channel, covert channels and similar sensor-based attacks are
typically used for targeted campaigns because they are
resource-intensive, require physical access to a particular system and
take a high level of skill. Even though these prerequisites decrease
the chance that an enterprise will be attacked in this way, it doesn`t
mean that enterprises should stop assessing the risk of targeted
attacks in their high security environments.
Once the highest risks are addressed, an enterprise may want to
determine if any resources should be devoted to targeted attacks.
Likewise, manufactures of devices and systems that are used in high
security environments should evaluate their products to see if they
can prevent them from being used in a targeted attack.
The researchers at Ben-Gurion University developed aIR-Jumper to
leverage lights within security cameras as a covert channel to
transmit data. As surveillance cameras are not known to incorporate
general security practices, it`s not surprising that they open an
environment to significant unknown risk when they`re not secured.
In this attack, it is assumed that malicious software is installed on
an air-gapped network, and that security cameras are accessible from
the infected system. This is a reasonable scenario in a remote
location that lacks an internet connection.
The aIR-Jumper attack uses preinstalled malware to connect to
unsecured security cameras, and it can then turn the infrared light on
and off to transmit data. Some security cameras can be controlled via
API calls to the web interface, which is how the researchers were able
to turn the infrared light on and off to create the covert channel.
The malware receives data by monitoring the video stream for the same
infrared signals used to transmit the data, and then decodes it to use
for a command-and-control connection.
Regardless of the attack details, enterprises should ensure security
cameras and other insecure devices are separate from the rest of their
network to limit risks from insecure devices.