IREXF: Data Exfiltration from Air-gapped Networks by Infrared Remote Control Signals

TL;DR

This paper introduces IREXF, a novel covert channel exploiting infrared remote control signals to exfiltrate data from air-gapped networks via maliciously implanted infrared modules, demonstrating feasible data rates and countermeasures.

Contribution

It presents a new infrared-based covert channel method for data exfiltration from air-gapped networks using malicious infrared modules embedded in keyboards.

Findings

Data exfiltration rate up to 2.62 bits/sec

Infrared covert channel can be established via IoT-enabled appliances

Countermeasures for detection and elimination are proposed

Abstract

he technology on infrared remote control is widely applied in human daily life. It is also applied in the place with a top security level. Infrared remote control signal is regarded as a simple, safe and clean resource that can help us control the electrical appliances nearby. In this paper, we build IREXF, a novel infrared optical covert channel from a well-protected air-gapped network via a malicious infrared module implanted previously into a keyboard. A malware preinstalled in the air-gapped PC receives the data from the malicious infrared module to study the infrared surroundings in the air-gapped network. Once a suitable appliance is found, infrared remote control commands will be sent in a proper time. With the development of technology on Internet of Things, more and more electrical appliances can access Internet. Those infrared command signals exfiltrating out of the air-gapped network can be received by an appliance without any malicious configuration. In our experiment, via a smart TV set-top box, the rate of the covert channel can be up to 2.62 bits per second without any further optimization. Finally, we give a list of countermeasures to detect and eliminate this kind of covert channels.