Before the Bluetooth technology kicks in, infrared remote control has been widely used. Many systems still use IR as their control interface. With the proliferation of new smart devices with IR-related components, such as face recognition systems, night vision infrared cameras, slow motion cameras, etc., this ancient technology may bring some new attack surfaces.

First, we will demonstrate a new attack scenario. After a COTS security camera is pwned through Internet, the infrared night vision fill light could be flashed to control devices such as TV and AC. In this way, dumb devices that were originally considered to be air-gapped will also face security threats from the network side. With much greater TX power, larger area could be influenced. Additional attack surfaces will also be discussed.

Second, we will demonstrate the use of an electric drill and a pure mechanical design similar to a fan blade, constructed as a Spatial Light Modulator. We will demonstrate how to construct a remote control signal that can be recognized by COTS IR remote control from still infrared light. Who said hacking an electric fan doesn't matter?

Third, we will analyze the frame structure of an infrared remote control signal by utilizing a smartphone with 960fps 'Super Slow-mo' function as a poor man's logic analyzer.

Bio
Wang Kang is a Security Expert of Alibaba Group, focusing on security issues of IoT, cyber-physical system, V2X, and trusted computing. He is a contributor of Linux Kernel, (TDD-LTE USB Dongle support) as well as a founder of the Tsinghua University Network Administrators. He was a speaker at Black Hat {Europe 2015, USA 2017, USA 2018, Asia 2019}, Virus Bulletin 2018, HITB {Dubai 2018, AMS 2019}.