Are IoT devices simply screwed? Or do manufacturers simply not care about security?

by Habib O | May 10, 2019

Reports have claimed the discovery of a botnet that controls upwards of 25,000 compromised internet-connected CCTV cameras. The botnet was discovered by security firm Sucuri during its investigation of a DDoS attack on a regular jewelry store.

While a DDoS attack may at first seem like nothing, this one lasted for days, and because of this researchers became curious about the source of the attack. Through the investigation, researchers at Sucuri found that most of the IP addresses used in the attack originated from Taiwan. It should also be noted that the attack was reasonably large. The initial attack was a layer 7 DDoS attack, pushing out about 35,000 HTTP requests a second. However, the attackers eventually upped it to an astonishing 50,000 HTTP requests every second.

Now this can’t possibly be the only 25,000-strong botnet, but the DDoS power of a normal botnet may fluctuate significantly throughout the day. For example, if most of a botnet’s infections are in the US, then it will have more power around midday in the US, when most bots are online. This botnet, however, has managed to infect devices that are online almost all of the time, so it will have roughly the same power throughout the day.
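The uptime argument above can be checked against a day of attack traffic. This is an added example, not code from the original post or from Sucuri; it assumes a common access-log line format, a 22-hour threshold for "always on", and constructed sample data from documentation IP ranges.

```python
import re
from collections import defaultdict

# Access-log prefix: source IP, two ignored fields, then [dd/Mon/yyyy:HH:MM:SS zone].
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[\d{2}/\w{3}/\d{4}:(\d{2}):\d{2}:\d{2} [^\]]+\]')

def profile(lines, always_on_hours=22):
    """Summarise one day of attack traffic by source uptime and hourly volume.

    always_on_hours is an assumed threshold: a source seen in at least this
    many distinct clock hours is treated as an always-on device.
    """
    hours_by_ip = defaultdict(set)
    volume = [0] * 24
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not parse
        hour = int(m.group(2))
        if hour > 23:
            continue  # malformed timestamp
        hours_by_ip[m.group(1)].add(hour)
        volume[hour] += 1
    always_on = sorted(ip for ip, hrs in hours_by_ip.items()
                       if len(hrs) >= always_on_hours)
    peak, trough = max(volume), min(volume)
    return {
        "sources": len(hours_by_ip),
        "always_on": always_on,
        "always_on_share": len(always_on) / len(hours_by_ip) if hours_by_ip else 0.0,
        # 1.0 means flat power all day; inf means the traffic stopped for an hour
        "peak_to_trough": peak / trough if trough else float("inf"),
    }

def make_log(ips, online_hours, per_hour=3):
    """Constructed sample data: each IP sends per_hour requests in each online hour."""
    return [
        f'{ip} - - [10/May/2019:{h:02d}:{m:02d}:00 +0000] "GET / HTTP/1.1" 200 512'
        for ip in ips for h in online_hours for m in range(per_hour)
    ]

# Constructed populations (documentation address ranges, not real attack sources).
CAMERAS = make_log([f"192.0.2.{i}" for i in range(1, 7)], range(24))  # always online
DESKTOPS = make_log([f"198.51.100.{i}" for i in range(1, 5)], range(9, 23))  # daytime

if __name__ == "__main__":
    for name, log in (("cameras", CAMERAS), ("desktops", DESKTOPS),
                      ("mixed", CAMERAS + DESKTOPS)):
        p = profile(log)
        print(name, p["sources"], round(p["always_on_share"], 2), p["peak_to_trough"])
```

A high always-on share together with a peak-to-trough ratio near 1.0 points to embedded devices rather than desktops, which helps decide whether to expect the attack to ease off overnight.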

Upon closer investigation of the compromised CCTV cameras, it was found that about 40 percent of them were generic H.264 DVR brand CCTV cameras. Oftentimes, security is not highest on the priority list of the manufacturers. Sometimes even larger companies like Elvox, Qsee, Novus, and Questek have vulnerabilities in their firmware. In fact, all of the companies that I have just listed had products that were present in this botnet. However, all (or at least most) of the devices that are a part of this botnet run BusyBox, which is a collection of Unix-like tools that could allow an attacker to use the machine as if it were a normal Linux machine, or most importantly, use the “wget” command to download and execute malware.

This is also not the first time that internet-connected CCTV cameras have been hacked and used in a botnet. In October of 2015, it was found that over 900 internet-connected CCTV cameras had been hijacked and were being used in a similar fashion to conduct DDoS attacks. It is believed that these 900 CCTV cameras had been brute-forced and that almost all of them had default or weak passwords (root:root anyone?).

In conclusion, I don’t think this is the last of the IoT (Internet of Things) botnets. With everything from routers to refrigerators being infected with malware, who knows what’s next? According to a 2014 report by IHS, there are over 245 million security cameras installed around the world, so it is likely that this is not the only botnet taking advantage of vulnerabilities in CCTV cameras; it’s just that this one got detected.
