How the Security Camera Malware Threat Works

Cyber security vulnerabilities are rampant among the electronic devices of today.  This is true not only because of the sheer number of devices, but also because of our increasing demand for Hikvision’s cameras to be newer, faster and stronger, and to be released quickly.  In many cases, the latest technology is released without having been fully tested against all of the many potential threats it could face.

There is really no way to know how an attacker might attempt to mount a threat.  Sometimes the engineers or developers do not know there is a vulnerability before releasing the device or updating the system.  And even after the most thorough of inspections, it is not always easy to anticipate what might turn out to be a risk to your devices down the road.


Take, for example, security camera malware.  A few years ago it was discovered that a type of malware could manipulate a security camera’s infrared capabilities to serve as a channel for data exfiltration.  The infrared capabilities of these modern devices could also be used to receive commands from the malware’s remote operators. And since the human eye cannot detect infrared light, this type of infiltration is difficult for humans to detect at first, or at least from simply monitoring the devices.  Fortunately, this exploit has been properly managed, but it was quite the deception at the time.


When this malware, which has long been remedied, was discovered, the program was able to collect data from an infected computer and encode it for transmission through the camera’s API. The malware would use the camera’s infrared LEDs to blink patterns and sequences as a way to exfiltrate data from the infected network.

However, this threat only works if the attacker is within range of the security camera’s blinking LEDs and can record the blinking sequence.  They could then run this recording through special software that reconstructs the blinks into binary code, which could then be decoded into the stolen data.


In addition to stealing data, an attacker using this exploit could also send new commands to the security camera. This might allow for remote access to the camera’s video feed, increased detection of LED transmissions, and the conversion of new incoming blinks into yet more commands for execution at a later time.
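
The exfiltration described above relies on the malware changing the infrared LED state through the camera’s API again and again in a short time. As an added example (not part of the original article), the Python code below flags that pattern in camera API audit logs, assuming normal operation changes the LED state only a few times a day; the log format, camera names, client addresses and thresholds are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit lines in a hypothetical format (not from a real product):
# timestamp, camera id, requested IR LED state, API client address.
SAMPLE_LOG = """\
2024-03-01T06:41:10 cam-lobby ir_led=off client=10.0.5.2
2024-03-01T18:52:03 cam-lobby ir_led=on client=10.0.5.2
2024-03-01T19:00:00 cam-lobby ir_led
2024-03-01T23:10:00.000 cam-dock ir_led=on client=10.0.9.77
2024-03-01T23:10:00.400 cam-dock ir_led=off client=10.0.9.77
2024-03-01T23:10:00.800 cam-dock ir_led=on client=10.0.9.77
2024-03-01T23:10:01.600 cam-dock ir_led=off client=10.0.9.77
2024-03-01T23:10:02.000 cam-dock ir_led=on client=10.0.9.77
2024-03-01T23:10:02.400 cam-dock ir_led=off client=10.0.9.77
2024-03-01T23:10:02.900 cam-dock ir_led=off client=10.0.9.77
"""

def parse(line):
    """Split one audit line into (time, camera, state, client); None if malformed."""
    parts = line.split()
    if len(parts) != 4 or not (parts[2].startswith("ir_led=") and parts[3].startswith("client=")):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2][7:], parts[3][7:]

def find_blinking_cameras(log_text, window=timedelta(seconds=5), max_toggles=4):
    """Return {camera: {"toggles": n, "clients": {...}}} for cameras whose IR LED
    changed state more than max_toggles times in any window (input in time order)."""
    last_state, recent, flagged = {}, defaultdict(deque), {}
    for ts, cam, state, client in filter(None, map(parse, log_text.splitlines())):
        prev, last_state[cam] = last_state.get(cam), state
        if prev is None or prev == state:  # baseline or repeated request: no change
            continue
        q = recent[cam]
        q.append((ts, client))
        while ts - q[0][0] > window:  # drop state changes older than the window
            q.popleft()
        if len(q) > max_toggles:
            hit = flagged.setdefault(cam, {"toggles": 0, "clients": set()})
            hit["toggles"] = max(hit["toggles"], len(q))
            hit["clients"].update(c for _, c in q)
    return flagged

if __name__ == "__main__":
    print(find_blinking_cameras(SAMPLE_LOG))
```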