When it comes to protecting a bank or even your home, security cameras are on one of the first lines of defense. But what if those cameras aren’t as secure as we all think?
New research from Northeastern University confirms that there might be a massive gap in our security infrastructure –– and it comes from the very devices designed to protect it.
Kevin Fu, a professor of electrical and computer engineering at Northeastern who specialises in cybersecurity, has figured out a way to eavesdrop on most modern cameras, from home security cameras and dash cams to the camera on your phone. Called EM Eye, short for Electromagnetic Eye, the technique can capture the video from another person’s camera through walls in real time. It redefines the idea of a Peeping Tom.
According to Fu, anyone with a few hundred dollars of equipment, a radio antenna and a little bit of engineering know-how could do this. The problem, Fu says, is not the lens but the wires inside most modern cameras.
“With your typical security camera, on the inside there’s a camera lens and then there’s got to be something else on the inside, like a computer chip, that’s got a wireless connection back to the internet,” Fu says. “There are wires between two different chips inside [these cameras,] and those wires give off electromagnetic radiation. We pick up that radio, and then we decode it and it just happens to be that we get the real-time encoded video.”
The data transmission cable that sends a video as bits and bytes ends up unintentionally acting as a radio antenna that leaks all kinds of electromagnetic information, including those bits and bytes. If someone had the desire and the technical knowledge, they could take that electromagnetic signal and reproduce the real-time video, without audio. The technique exposes a gap in how manufacturers approach the design and production of cameras.
“The state of modern smartphone cameras is [manufacturers] try really hard to protect the intentional digital interfaces, the actual upload channel to the cloud,” Fu says. “They don’t appear to put a lot of effort into the leakage of information through unintended channels. They never intended for this wire to become a radio transmitter, but it is.”
The version of the video that Fu and his team get is initially distorted –– it looks almost like an X-ray –– due to pixel loss in the process of being transmitted. However, using machine learning, Fu and his team were able to clean up the video to appear much closer to the original.
Fu and his team have tested EM Eye on 12 different kinds of cameras, including smartphone cameras, dash cams and home security cameras. Results vary on how far away someone would have to be in order to eavesdrop on these different devices. For some, a peeping Tom would have to be less than 1 foot away; for others, they could be as far away as 16 feet.
However, he says, if someone had enough technical know-how, it would take very little to extend that range.
More importantly, since EM Eye eavesdrops on the wires, not a computer recording footage to a hard drive, your camera doesn’t actually have to be recording in order for someone to eavesdrop on it.