HackRead

$55 surveillance camera hacked by Mirai botnet within 98 seconds

November 23rd, 2016 Waqas Hacking News, Security 0 comments

The Internet of Things has become more of a joke lately because of the never-ending ways in which these poor devices are being exploited by malicious cybercriminals and hackers. It is now widely believed that IoT devices are seriously prone to cyber attacks, as their various inherent vulnerabilities make them easy targets for attackers.


The latest flaw in the heavily hyped IoT devices was discovered by tech industry veteran Robert Stephens, who found that his security camera could be compromised within just 98 seconds of being connected to Wi-Fi.

This was merely an experiment by Stephens, but even then he was cautious enough to rate-limit his network and isolate the camera from the rest of his network-connected devices, so as to ensure that a DDoS attack is prevented.

Once he was able to compromise the camera, he kept carefully observing the traffic to check for attempts by third parties to control the vulnerable device. However, he didn’t expect it to occur in less than two minutes. To his surprise, after 98 seconds the camera was infected with a Mirai-type worm, and it became apparent to Stephens that the default login and password were exposed.


The worm started examining the device it had newly captured and downloaded itself completely onto the camera. Had Stephens not been wise enough to lock the device down beforehand, he would have been in great trouble, as the device would have become an open platform for malicious attackers to play their games.

The camera used for this experiment was a cheap one made by a company known for selling smartwatches for 12 USD. So it is obvious that the camera wasn’t a very reliable one and was not made by a top-class brand.

Stephens stated that although this vulnerability in security cameras can be fixed with a simple password change or a firmware update, not all users are aware of it, and this also cannot be done in two minutes.

Here is a series of tweets from Stephens explaining what happened and how:

1/x: So I bought a surveillance camera pic.twitter.com/HbmPzrZgFK

— Robᵉʳᵗ Graham 🤔 (@ErrataRob) November 18, 2016

2/x: I setup a RPi as a router/firewall/NAT to isolate it from my home network, and rate limit outgoing stuff https://t.co/DTcqOUKyF3

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

3/x: Within 5 minutes, it was compromised by the Mirai botnet/worm: pic.twitter.com/ZL3kLk5HI3

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

4/x: then grabs the processor info directly pic.twitter.com/dURoy9tYgA

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

5/x: looks for ‘wget’ or ‘tftp’ in order to download binaries the easy way pic.twitter.com/iqKynmX41o

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

6/x: that doesn’t work, so has to download the virus binary the hard way pic.twitter.com/BMEJjyCNH6

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

7/x: And when it’s done, it runs the binary, and the box is now officially infected: pic.twitter.com/iggDPSZlri

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

8/x: Actually, it took 98 seconds for first infection pic.twitter.com/EDdOZaEs0V

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

9/x: but by something that isn’t Mirai, but something else similar to it pic.twitter.com/acgDOiPQs3

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

10/x: This camera I got off https://t.co/O9nibldQwY for $55: https://t.co/C7NmuGB5uM

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

11/x: Bah, I’ve got my isolation rules setup wrong, blocking outbound TCP, so I’ve been inadvertently preventing further infection pic.twitter.com/SVwMsNgVpG

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

12/x: Ignore that last tweet. It appears that connecting to those ports is difficult anyway, even from another machine.

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

13/x: So I’ve got what appears to be two active infections (the shells with PID greater than 2000). pic.twitter.com/5JyYoNm7nM

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

14/x: so after it loads the first stage Mirai, it then connects out to download the full virus, like from here:
pic.twitter.com/ntTxsNnm1i

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

15/x: once it downloads that, it runs it and starts spewing out SYN packets at a high rate of speed, looking for new victims pic.twitter.com/aJAvC3HBbq

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

16/x: It appears to send out a burst of 150 Telnet packets looking for victims, then wait a second for any responses, then continues

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

17/x: I think I’ve got my firewall configured correctly, blocking outbound port 23, so these shouldn’t be hitting the Internet.

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

18/x: Oooo, noooes, one of the infections killed the Telnet daemon and kicked me off!!! Jerks. pic.twitter.com/a82o0SFj3B

— Rob Graham 🦃 (@ErrataRob) November 18, 2016

19/19: Time for bed. Powering off to power back on and play some more tomorrow.

— Rob Graham 🦃 (@ErrataRob) November 18, 2016
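
Tweets 15 to 17 describe the infected camera's traffic shape: bursts of about 150 Telnet SYN packets, a one-second wait, then another burst. The sketch below is an added example, not code from the article or the thread, showing how the isolating router could flag that pattern; the record layout, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from ipaddress import ip_address

def find_telnet_scanners(records, port=23, window=1.0, min_targets=100):
    """Map each source to its peak count of distinct hosts SYN'd on `port`
    inside any `window`-second span, keeping sources at or above min_targets."""
    recent = defaultdict(deque)                     # src -> (ts, dst) in window
    live = defaultdict(lambda: defaultdict(int))    # src -> dst -> hits in window
    peak = defaultdict(int)
    for ts, src, dst, dport, flags in sorted(records):
        if dport != port or flags != "S":           # only bare SYNs to Telnet
            continue
        q, seen = recent[src], live[src]
        q.append((ts, dst))
        seen[dst] += 1
        while ts - q[0][0] > window:                # expire old probes
            _, old = q.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        peak[src] = max(peak[src], len(seen))
    return {src: n for src, n in peak.items() if n >= min_targets}

def constructed_capture():
    """Constructed flow records: (seconds, src, dst, dst_port, tcp_flags)."""
    camera, laptop = "192.168.50.10", "192.168.50.20"   # hypothetical LAN hosts
    records = [
        (10.5, laptop, "192.168.50.1", 23, "S"),        # one admin Telnet session
        (10.6, laptop, "198.51.100.7", 443, "S"),       # ordinary HTTPS
        (10.7, camera, "198.51.100.7", 23, "SA"),       # not a bare SYN, ignored
    ]
    # Two bursts of 150 SYNs to distinct documentation-range addresses.
    for burst, base in enumerate(("198.51.100.0", "203.0.113.0")):
        start = 10.0 + burst * 1.1
        for i in range(150):
            dst = str(ip_address(base) + i)
            records.append((start + i * 0.0005, camera, dst, 23, "S"))
    return records

if __name__ == "__main__":
    print(find_telnet_scanners(constructed_capture()))
```

Counting distinct destinations rather than raw packets keeps a single retried admin session from tripping the threshold.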

Remember, the Internet’s largest-ever DDoS attack was conducted against France-based hosting provider OVH, which suffered a 1 Tbps attack from security cameras compromised by the Mirai DDoS botnet. Mirai was also involved in the DDoS attack on Dyn DNS that forced Twitter, PayPal and other giants offline.


Let’s hope that good-quality IoT devices will offer better protection against such worms and be able to block all incoming traffic until they are connected with other devices or set up manually. But at the moment, that seems like a far cry.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
