Slashdot Mirror


Cheap Web Cams Can Open Permanent, Difficult-To-Spot Backdoors Into Networks

An anonymous reader writes: They might seem small and relatively insignificant, but cheap wireless web cams deployed in houses and offices (and connected to home and office networks) might just be the perfect way in for attackers. Researchers from the Vectra Threat Lab have demonstrated how easy it can be to embed a backdoor into such a web cam, with the goal of proving how IoT devices expand the attack surface of a network. They bought a consumer-grade D-Link WiFi web camera for roughly $30, and cracked it open. After installing a back-door to the Linux system that runs the camera, and then turning off the ability to update the system, they had an innocent-seeming but compromised device that could be stealthily added to a network environment.

3 of 77 comments

  1. Why webcams? by Anonymous Coward · · Score: 5, Informative

    Put ANY compromised hardware on your network, and it's no longer secure. This is news?

    1. Re: Why webcams? by DaHat · · Score: 3, Informative

      How do you know if the device is compromised?

      While you hopefully won't use one sent by a known enemy (thanks for spoiling the surprise Greeks!), how do you ensure that a unit you picked up used on eBay or Craigslist wasn't backdoored?

      Opt only to buy retail or online from a major vendor? Same issue. How do you know someone hasn't purchased the device, tampered with it, repackaged it with some shrinkwrap then returned it? ... Or worse, intercepted the shipment prior to you getting it?

  2. Easy to protect against. by Lumpy · · Score: 3, Informative

    I have several 1080P ONVIF China security cameras that are known to send video back to China. It is trivial to make these 100% secure and hacker proof, disabling all backdoors, if you have education and knowledge.

    At home, I can see people having the problem, as 99% of all citizens are IT uneducated. But a business? There is ZERO excuse.

    I put them on their own VLAN separate from everything else, they can only talk to the recorder PC and that PC can talk to both networks so we can view the camera streams. Camera VLAN has zero access to the internet, Recording PC that is straddling two networks has simple rules as well to prevent data leaking.

    And this is the sad part. Most businesses don't have competent IT that even has the first clue about network security. Plus you should ALWAYS have no trust for any device on your network. Treat them all as hostile and only let them have what is needed to do what you want.

    Businesses that don't spend money on IT that is competent deserve what they get.

    --
    Do not look at laser with remaining good eye.
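
The camera-VLAN policy described in the last comment (cameras may talk only to the recorder PC, nothing else in or out) can be checked against flow records from the switch or firewall. The following is an added example, not code from the page or from any commenter; the subnets, the recorder address, the record format and the sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed addressing for illustration; none of it comes from the post.
CAMERA_VLAN = ipaddress.ip_network("10.20.30.0/24")
OFFICE_LAN = ipaddress.ip_network("192.168.1.0/24")
RECORDER = ipaddress.ip_address("10.20.30.2")  # recorder's camera-side NIC

# Constructed flow records, one per line: src dst proto dport
SAMPLE_FLOWS = """\
10.20.30.11 10.20.30.2 tcp 554
10.20.30.2 10.20.30.11 tcp 80
10.20.30.11 203.0.113.50 tcp 443
10.20.30.12 192.168.1.25 tcp 445
192.168.1.25 10.20.30.11 tcp 80
10.20.30.11 10.20.30.12 tcp 23
192.168.1.25 192.168.1.1 udp 53
"""

def is_camera(addr):
    """Any camera-VLAN host other than the recorder is treated as a camera."""
    return addr in CAMERA_VLAN and addr != RECORDER

def classify(src, dst):
    """Return None when the flow fits the policy, else a short reason."""
    if not (is_camera(src) or is_camera(dst)):
        return None  # flow does not involve a camera
    if RECORDER in (src, dst):
        return None  # camera <-> recorder is the only allowed pair
    if is_camera(src) and is_camera(dst):
        return "camera-to-camera"
    if is_camera(src):
        return "camera-to-office" if dst in OFFICE_LAN else "camera-to-internet"
    return "inbound-to-camera"

def audit(flow_text):
    """Parse flow lines and return (line, reason) for every violation."""
    findings = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed records
        src, dst = (ipaddress.ip_address(f) for f in fields[:2])
        reason = classify(src, dst)
        if reason:
            findings.append((line, reason))
    return findings

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_FLOWS):
        print(f"VIOLATION {reason}: {line}")
```

Any finding means the isolation rules are not being enforced as intended, or that a device on the camera VLAN is attempting traffic the policy should be dropping.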