EM Eye, EMSide-channel Eavesdropping on Embedded Cameras
EM Eye investigates a cybersecurity attack where the attackers eavesdrop on the confidential video data of cameras by parsing the unintentional electromagnetic leakage signals from camera circuits
From the github website:
This leakage happens on the physical/analog layer of camera systems and thus allows attackers to steal victim’s camera data even when perfect software protections (e.g., unbreakable passwords) are all in place. Exploiting the eavesdropped videos, attackers can spy on privacy-sensitive information such as people’s activities in an enclosed room recorded by the victim’s home security camera.
The research team (see members and github links below) investigated a variety of camera’s and IoT devices and proved that the leaked signals carry all the information to recreate the image next to the actual sensor produced image, exposing a real security issue .
From the report:
Our non-exhaustive tests with 12 different models of smartphone cameras, dash cams, and home cameras show that this this vulnerability widely exists in commercial off-of-the-shelf (COTS) camera devices. The seriousness of information leakage depends on several factors of each camera device, such as the size and shielding of their transmission cables/circuits.
IoT Development Platforms: Almost all of today’s IoT dev platforms are susceptible to this attack. We could eavesdrop on Nvidia Jetson, and Asus Tinkerboard, and Raspberry Pi cameras at very long distances: DIY home security cameras using Raspberry Pi may not be such a good idea!
The research team: