Can Hackers Use IR Lights to Steal Data Through Security Cameras?

A security expert debunks new research that claims security cameras can be hacked through their IR lights.

Researchers at Israel’s Ben-Gurion University of the Negev have discovered how hackers can use IR security cameras “to establish bi-directional covert communication between the internal networks of organizations and remote attackers.”

According to researchers, hackers can flash the infrared lamp of a camera on and off to transmit data to anyone in range without people being able to see that the camera is behaving strangely, since humans cannot see infrared light.

In an exfiltration scenario, malware within an organization accesses surveillance cameras across the local network and controls the IR illumination, where sensitive data such as PIN codes, passwords and encryption keys are then modulated, encoded and transmitted over the IR signals.

In an infiltration scenario, an attacker standing in a public area can use IR LEDs to transmit hidden signals to a surveillance camera. Binary data such as command and control (C&C) and beacon messages are encoded on top of the IR signals. The signals hidden in the video stream are then intercepted and decoded by the malware residing in the network, according to the researchers.

The researchers say the attackers can communicate with the cameras at a distance of tens to hundreds of meters away, stating, “Data can be leaked from [a] network at a bit rate of 20 bit/sec (per camera) and be delivered to the network at bit rate of more than 100 bit/sec (per camera).”

This all happens unbeknownst to the end user. Fortunately for them, SSI asked resident security expert Bob Grossman for his take on the findings, and he disagrees:

This is just silly.

While it is possible in theory, you’d need to modify the hardware on the camera and the system software to do it. You don’t have very fine control over camera IR lighting, and there’s significant latency (the lag between when you tell the light to go on and when it goes on) so I don’t know how you’d flash the lights on any commercially available camera. And high security installations generally use light as well, meaning they can disable the IR illuminators either in hardware or software.

So, this isn’t something someone could do to an existing system just by hacking into an installation. And with proper network design, cameras are isolated from the outside world so there’s no direct access to their firmware.

But it’s an interesting “what if” story…

So there you have it. Instead of being worried about getting hacked through your IR cameras, instead focus on having a solid password for your network and change any default login credentials that come with your security cameras.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author


Steven A. Karantzoulidis is the Web Editor for Security Sales & Integration. He graduated from the University of Massachusetts Amherst with a degree in Communication and has a background in Film, A/V and Social Media.

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters