What high-tech, ultra-secure data center would be complete without dozens of video cameras directed both inward and outward? After all, the best informatic security means nothing without physical security. But those eyes in the sky can actually serve as a vector for attack, if this air-gap bridging exploit using networked security cameras is any indication.
It seems like the Cyber Security Lab at Ben-Gurion University is the place where air gaps go to die. They’ve knocked off an impressive array of air gap bridging hacks, like modulating power supply fans and hard drive activity indicators. The current work centers on the IR LED arrays commonly seen encircling the lenses of security cameras for night vision illumination. When a networked camera is compromised with their “aIR-Jumper” malware package, data can be exfiltrated from an otherwise secure facility. Using the camera’s API, aIR-Jumper modulates the IR array for low bit-rate data transfer. The receiver can be as simple as a smartphone, which can see the IR light that remains invisible to the naked eye. A compromised camera can even be used to infiltrate data into an air-gapped network, using cameras to watch for modulated signals. They also demonstrated how arrays of cameras can be federated to provide higher data rates and multiple covert channels with ranges of up to several kilometers.
True, the exploit requires physical access to the cameras to install the malware, but given the abysmal state of web camera security, a little social engineering may be the only thing standing between a secure system and a compromised one.
He’s using ten hobby micro servos connected to an Arduino Nano, all mounted on a kitchen chopping board, with a few other bits thrown in to round out the build. There’s one pair of servos for each finger. A five bar linkage converts the servo rotations to two-dimensional motion. The end of the linkage has a swiveling metallic disk. Patient fingers are attached to these discs via magnetic metal pads that are attached to the end of the fingers using adhesive plaster tape. Two push buttons cycle through a large number of exercise modes and two potentiometer’s help adjust the speed and smoothness (the number of points calculated for the desired motion). Two 7-segment LED display modules connected to the Arduino provides a visual interface showing program modes, speed, number of cycles and other relevant information. Replicating the project ought to be very straightforward since the device uses off-the-shelf parts which are easy to put together using the detailed build instructions, photos and code posted on [Sergei]’s project page. Check out the videos below to see the rehab helper in action.
