$55 surveillance camera hacked by Mirai botnet within 98 seconds

The Internet of Things has become something of a joke lately because of the never-ending kinds of exploitation that these poor devices are subjected to by malicious cybercriminals and hackers.
It is now widely believed that the IoT devices are seriously prone to cyber attacks as their various inherent vulnerabilities make them easy targets for attackers.
The latest flaw in the heavily hyped IoT devices was discovered by tech industry veteran Robert Stephens, who found that his security camera could be compromised within just 98 seconds of being connected to Wi-Fi.
This was merely an experiment on Stephens’s part, but even so he was cautious enough to rate-limit his network and isolate the camera from the rest of his network-connected devices, so as to ensure that a DDoS attack was prevented.
When he was able to compromise the camera he carefully kept observing the traffic in order to check attempts from third-parties to control the vulnerable device.
However, he didn’t expect it to occur in less than two minutes’ time.
To his surprise, after 98 seconds the camera was infected with a Mirai-type worm, and it became apparent to Stephens that the default login and password were exposed.
The worm started checking out the device it had newly captured and completely downloaded itself on the camera.
If Stephens wasn’t wise enough to lock the device beforehand, he would have been in great trouble as the device would have become an open platform for malicious attackers to play their games.
The camera used for this experiment was a cheap one made by a company that is known for selling smartwatches for 12 USD.
So, it is obvious that the camera wasn’t a very reliable one and was not created by a top-class brand.
Stephens stated that although this vulnerability in security cameras can be fixed with a simple password change or a firmware update, not all users are aware of it, and it cannot be done in two minutes either.
Here is a series of tweets from Stephens explaining what happened and how:


 

Rob Graham @ErrataRob
1/x: So I bought a surveillance camera
2/x: I setup a RPi as a router/firewall/NAT to isolate it from my home network, and rate limit outgoing stuff http://blog.erratasec.com/2016/10/configuring-raspberry-pi-as-router.html
3/x: Within 5 minutes, it was compromised by the Mirai botnet/worm:
4/x: then grabs the processor info directly
5/x: looks for ‘wget’ or ‘tftp’ in order to download binaries the easy way
6/x: that doesn’t work, so has to download the virus binary the hard way
7/x: And when it’s done, it runs the binary, and the box is now officially infected:
8/x: Actually, it took 98 seconds for first infection
9/x: but by something that isn’t Mirai, but something else similar to it
10/x: This camera I got off http://Amazon.com for $55: https://www.amazon.com/gp/product/B00OYBB08M/ref=oh_aui_detailpage_o03_s00?ie=UTF8&psc=1

720P Wi-Fi Security Camera Onvif 2.4, Infrared 50ft Night Vision for Indoor/Outdoor Waterproof CCTV

Security Camera Wireless, JideTech 1080*720 1.0 MegaPixel Network Dome Camera Supports Wi-Fi, Onvif 2.4, Infrared 50ft in Night for Indoor & Outdoor, Mini Style Specification of Security Camera…

 

11/x: Bah, I’ve got my isolation rules setup wrong, blocking outbound TCP, so I’ve been inadvertently preventing further infection
12/x: Ignore that last tweet. It appears that connecting to those ports is difficult anyway, even from another machine.
17/x: I think I’ve got my firewall configured correctly, blocking outbound port 23, so these shouldn’t be hitting the Internet.
18/x: Oooo, noooes, one of the infections killed the Telnet daemon and kicked me off!!! Jerks.
Remember, the Internet’s largest-ever DDoS attack was conducted against France-based hosting provider OVH, which suffered a 1Tbps attack from security cameras compromised by the Mirai DDoS botnet. Mirai was also involved in the DDoS attack on Dyn DNS that forced Twitter, PayPal and other giants to go offline.
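
The infection sequence in the tweet thread above (processor info, wget/tftp probe, binary written out, binary run) can be matched against logged Telnet commands on an isolated device. The sketch below is an added example, not code from the article or from the thread's author; the log format, the sample lines and the regexes are assumptions, since the thread's screenshots are not reproduced on this page.

```python
import re

# Stages in the order the thread describes them. The patterns are assumptions:
# the thread's screenshots, and so the exact commands, are not on the page.
STAGES = [
    ("cpu_info",   re.compile(r"/proc/cpuinfo")),                   # 4/x
    ("tool_probe", re.compile(r"\b(wget|tftp)\b")),                 # 5/x
    ("echo_write", re.compile(r"\becho\b.*\\x[0-9a-fA-F]{2}.*>")),  # 6/x (assumed form)
    ("execute",    re.compile(r"(^|[;&]\s*)\./\S+")),               # 7/x
]

# Constructed sample, not captured traffic. Line format (hypothetical):
# "<seconds since the camera went online> <source address> <command>"
SAMPLE_LOG = r"""
98 192.0.2.10 cat /proc/cpuinfo
99 192.0.2.10 wget; tftp
101 192.0.2.10 echo -ne '\x7f\x45\x4c\x46' > dropper
103 192.0.2.10 chmod 777 dropper; ./dropper
240 192.0.2.77 ls /tmp
"""

def analyze(log):
    """Group matched stages by source and flag sessions that end in execution."""
    sessions = {}
    for line in log.strip().splitlines():
        ts, src, cmd = line.split(" ", 2)
        hits = [name for name, rx in STAGES if rx.search(cmd)]
        if not hits:
            continue
        s = sessions.setdefault(src, {"stages": [], "first_seen": int(ts)})
        s["stages"] += [h for h in hits if h not in s["stages"]]
    for s in sessions.values():
        # Alert only when a binary is run after earlier recon or staging,
        # so a lone wget or cpuinfo read by an admin does not fire.
        st = s["stages"]
        s["alert"] = "execute" in st and st.index("execute") > 0
    return sessions

if __name__ == "__main__":
    for src, s in analyze(SAMPLE_LOG).items():
        print(src, s["first_seen"], " -> ".join(s["stages"]), "ALERT" if s["alert"] else "")
```

The `first_seen` value gives the time from power-on to the first matched stage, which is the figure the thread reports as 98 seconds.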
