Security researchers have found even more vulnerable IoT devices waiting to be taken advantage of by the Mirai botnet and consorts. Several backdoors have been discovered in over 80 different IP camera models produced by Sony Corp. Moreover, there is close to half a million white-label IP cameras that are vulnerable to similar attacks. This is not a positive development, and only a sign of what is to come in the years ahead.
The growing network of IoT devices is both a positive and troublesome development. On the one hand, it is good to see more electronics being made accessible, whether through online interfaces or mobile applications. But these devices also suffer from lackluster security features, which make them extremely vulnerable to attacks and malware.
SEC Consult, an Austrian security firm, discovered two different backdoor accounts affecting Sony IPELA Engine IP Cameras. These devices are mainly used by large enterprises and government authorities. By using one of these two user accounts, hackers can gain remote access to these devices and take over the built-in web server. Once that step has been completed, they can do virtually anything they want.
In most cases, it seems plausible to assume that assailants will execute a telnet attack. Through this protocol, assailants scan complete remote logins over the Internet, the same attack vector used by the Mirai malware. Putting two and two together reveals that these
Sony Corp IP cameras will be targeted by Mirai malware soon, assuming that has not happened already.
For now, it remains unclear how many of these devices could be vulnerable to a telnet attack, though. KrebsOnSecurity mentioned how there are over 4,000 devices reachable over the Internet, putting all of those devices at risk of being attacked. However, it is possible that the final numbers will be much higher.
Unfortunately, these are not the only types of IP cameras vulnerable to attack by the Mirai botnet. Cybereason security researchers discovered two new flaws affecting dozens of IP camera families produced under different brand names. The vast majority of these devices can be purchased on eBay or Amazon, making them widely accessible, and significant security risks.
To make matters worse, these devices can still be exploited when behind a firewall. This is rather unusual, since firewalls should be perfectly capable of eliminating any hacking attempts by assailants. All of these cameras have a factor-default P2P communication capability that enables remote cloud access through the manufacturer’s website.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.
The cryptocurrency world has always been a hotbed of innovation, attracting both seasoned investors and…
Dogecoin's 2021 rally was a historic one, turning ordinary investors into overnight millionaires. This magnificent…
The crypto market is always evolving, with big names like Bitcoin and Ethereum leading the…
The crypto market is ablaze with excitement as altcoins like XRP and BNB make major…
Rollblock is quickly becoming the best crypto presale to buy, delivering unmatched value for its…
While Rollblock's continues its crypto presale, with its value increasing regularly, Polkadot (DOT) and Uniswap…