Botnets are a far more serious cyber threat than most people give it credit for. As we saw with the DynDNS outage last year, a botnet can shut down quite a few popular internet service with relative ease. Researchers now claim hundreds of thousands of IP cameras are vulnerable to attack by botnet malware. By the look of things, the next major cyber attack is looming just around the corner.
IP Cameras Are A Prone Target For Botnet Malware
The people responsible for creating and distributing malware that turns devices into part of a botnet often take advantage of lackluster security precautions. Many consumer devices are connected to the internet, although very few of them are effectively protected in a secure manner. This lack of security precautions allows hackers to attack these devices and ultimately exert control over them.
While it is unclear as to which type of device are targeted more often than not, security researchers have discovered quite a few IP cameras may pose significant targets. Hundreds of thousands of such devices suffer from flaws that make them a valuable target to botnet operators. By adding such a large amount of devices to their existing botnet, the amount of damage that can be done increases exponentially.
Various zero-day vulnerabilities have been discovered in GoAhead and Wireless IP cameras. As one would somewhat expect, the majority of vulnerabilities can be found in Chinese IP cameras. Particularly the Wireless IP Camera WIFICAM has proven to be vulnerable to these types of attacks. Most vendors buy up these devices in large batches and load custom software on the machines. This is exactly what makes this issue so disturbing, as it is this custom software containing the vulnerabilities in question.
Research indicates there are close to 200,000 cameras that need to be considered as vulnerable targets. The majority of these cameras are hosted in China, although nearly 20,000 made their way to the United States. Thailand, Hong Kong, and Vietnam complete the top 5 list of locations where these vulnerable IP cameras can be found as of right now. It is important to note the GoAhead web server software embedded in these devices is not vulnerable, yet any custom iterations of this software may contain vulnerabilities.
Although the number of affected devices is quite disconcerting, it appears these IP cameras are only a part of a bigger problem. All of these cameras make use of a cloud functionality – which is enabled by default – which is a set of clear-text UDP tunnels. These connection tunnels can be hijacked by an attacker to send HTTP requests to a specific target. This will eventually result in these devices being used for a major distributed denial-of-service attack.
It is impossible to predict whether or not cyber criminals will look to exploit this vulnerability in the near future. If the manufacturers and software distributors can fix the software vulnerabilities in a timely manner, this will not pose to be much of a problem. However, in most cases, fixing such software issues take several months, if not years, to be addressed. A very troublesome situation, to say the least.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.