Hacking a CCTV camera is worryingly easy. Many such devices have poor security practices with default passwords and remote access enabled from installation. The bandwidth of vulnerable IP cameras can easily be put into service as part of a botnet then used to launch DDoS attacks. A breach of a CCTV camera may also allow attackers potential access to the actual camera footage, Mark Nunnikhoven, vice president of cloud research at Trend Micro, told Dark Reading.
Last year, Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, ran a demonstration showing the ability to exploit a flaw in cameras specifically containing code from Chinese manufacturer Dahua. As shown on the IoT search engine Shodan, Dahua’s software can be found, and potentially tampered with, in just over 400,000 devices. In a matter of seconds, Galloway was able to switch out the real feed for an alternative one. High-tech heists were shown to be made considerably easier with such a quick hack of a CCTV camera.
Dahua put out a patch shortly after the vulnerability came to light and the U.S. Computer Emergency Response Team also put out an alert; however, Galloway doesn’t think that many owners would have updated their devices, as was the case with Mirai.
This is in part because updating is a manual process. The user first needs to discern whether they are vulnerable or not before downloading and installing the new software. Unlike major manufacturers like Apple or Google, smaller firms will not alert customers to problems as a matter of procedure, and the protocol to install an update is not always as simple as just clicking a button.
Following Galloway’s demonstration in September, the Reaper botnet came to light. Instead of growing just by guessing default passwords on digital video recorders (DVRs), as Mirai had done, Reaper fires exploit code at vulnerabilities in similar devices, including IP cameras, network video recorders and home routers. These products include gear manufactured by Netgear, D-Link and Linksys, among others. Cybersecurity researchers have said that almost 2 million devices are susceptible to Reaper’s exploits.
Reaper borrowed code from Mirai, but it penetrates systems via weaknesses older than the one Galloway found in Dahua, and it is continually being updated. “IoT Reaper has the potential to be much more powerful than Mirai,” warned Ken Munro, partner at Pen Test Partners.
No one yet knows what the purpose of the IoT botnet is, or how many bots it comprises.
“We are currently seeing approximately 30,000 devices participating in this botnet and assume that this is a narrow prism of the network which could be of a much larger scale — a tenfold will make sense,” said Maya Horowitz, threat intelligence group manager at Check Point.
Horowitz thinks that the most obvious use for Reaper would be a DDoS attack, following in the wake of Mirai. “Such an attack could either be for the sake of general chaos, or more targeted at a specific country,” she added.