New IoT Malware Targets 100,000 IP Cameras Via Known Flaw (csoonline.com)
Researcher Pierre Kim has found a new malware, called Persirai, that has been infecting over 100,000 Chinese-made, internet-connected cameras. According to Trend Micro, the malware has been active since last month and works by exploiting flaws in the cameras that Kim reported back in March. CSO Online reports: At least 1,250 camera models produced by a Chinese manufacturer possess the bugs, the researcher went on to claim. Over a month later in April, Trend Micro noticed a new malware that spreads by exploiting the same products via the recently disclosed flaws. The security firm estimates that about 120,000 cameras are vulnerable to the malware, based on Shodan, a search engine for internet-connected hardware. The Persirai malware is infecting the cameras to form a botnet, or an army of enslaved computers. These botnets can launch DDoS attacks, which can overwhelm websites with internet traffic, forcing them offline. Once Persirai infects, it'll also block anyone else from exploiting the same vulnerabilities on the device. Security firm Qihoo 360 has also noticed the malware and estimated finding 43,621 devices in China infected with it. Interestingly, Persirai borrows some computer code from a notorious malware known as Mirai, which has also been infecting IoT devices, such as DVRs, internet routers, and CCTV cameras, but by guessing the passwords protecting them.
simple as that. Access cams from a local server, and access that server from the internet. ALL IP cameras are shit for security, just like Trump is shit.
The Chinese don't care.
You can't fix this China Syndrome.
You know that, I know that. However, the people who buy these things do not know that and do not read reports of security issues; they probably would not even know if one of their IoT devices were used in a DDOS or something. The Chinese manufacturer loses interest once he has sold it to a distributor; the distributor and retailer just want to buy something as cheaply as possible to maximise profits.
The only way of getting this under control is to make the retailer responsible for any problems. They will rapidly realise that this will cost them a lot and so seek better (more secure) devices. I cannot see this happening for a long time.
There is a simple solution. Do not buy Chinese hardware or software. So much of it is already known to have backdoors that phone home to Chinese IP addresses. And when there are vulnerabilities, the Chinese manufacturers have no interest in supporting their products and fixing the problems. This calls for a regulatory solution to require that those products be built in the United States or undergo government screening to guarantee that they don't phone home or contain malware. A condition of import should be that the manufacturer provide support, including security updates, for a reasonable length of time like five years. If China can demand access to the iOS source code, the United States can do the same thing to Chinese imports. The regulatory hurdles might make it easier for businesses to simply manufacture their products in the United States, which is a desirable outcome.
- snruter rotsac
Keep that shit out of my house. I don't want it. My X10 works fine. Usually.
simple as that. Access cams from a local server, and access that server from the internet. ALL IP cameras are shit for security, just like Trump is shit.
No, it's not that simple - if your lightbulb is on the same LAN as the camera it can pass on an infection.
Now then, it's a _problem_ that IoT devices seem to now require MAC-level isolation. I already have my [wired] Chinese camera on its own VLAN with ingress and egress firewall rules, but my WiFi devices are behind Ubiquiti gear which is nice but only allows for four SSID's.
AP Isolation would help, but then things like Chromecast will all break (and maybe some lightbulb meshes?).
AFAICT, the threats are now ahead of the defenses and that's a real problem we don't have a solution for.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I know that, but this means disabling UPNP on my box. This means that the application provided with my IP cam can not be used anymore and that I can not buy any iot.
This lets modern app appers app even more apps while apping other apps!
Apps!
Since nobody is naming the affected cameras, and the researcher inexplicably folded and removed his list on March 16, 2017, here is a list courtesy of the Internet Archive. The list is also included here so that robots.txt cannot be used to eliminate it from view.
Because Trump is relevant to this article. Gotcha.
I've decided to stop being a dickhead, honest -APK
Thanks for finding those critical defects! No good deed goes unpunished.
We'll make great pets
The problem with this flaw is that it is a known flaw. If we keep all flaws unknown the Chinese won't use them.
The only way of getting this under control is to make the retailer responsible for any problems.
Or make the owner responsible for stuff he puts on the net. Imagine that!
Your camera (or whatever) takes part in a DDOS attack, you get fined the same as a speeding ticket.
Suddenly, people are forced to care. You can get busted for having a bad device! Then retailers & manufacturers see the drop in profits, and can choose to sell "internet-hardened" devices, bragging about a 4096-bit uncrackable key or some such. We get a new "game of numbers" where people buy the device with the longest key for their "home VPN" - they don't want to be fined. Cheap Chinese stuff gets shunned like it should. Retailers/manufacturers who sell unsafe stuff quickly get a bad reputation and struggle to stay in business.
Oh, and let's include personal computers in this. If you pass on a virus, you get fined. No excuses.
The article says it's a new problem. But it also says the malware has been active for over a month. And it's been covered on /. some time back. Will it be a new malware next month, too?
See my subject: Your impersonating me proves 1 thing - You WISH you were me (poor imitation = sincerest form of flattery).
APK
P.S.=> In case anyone's interested, the C&C servers for Persira are:
load.gtpnet.ir
ntp.gtpnet.ir
gtpnet.ir
185.62.189.232
95.85.38.103
From http://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/ ... apk
...AFAICT, the threats are now ahead of the defenses and that's a real problem we don't have a solution for.
Common F. Sense has a solution; don't fucking use insecure shit you don't need.
I know this may come as a shock to gadget-addicted Millennials, but humans used to use these things called light switches to control a light bulb. They're pretty damn secure. Yes, I know this requires people to move more than a smartphone finger (and thus qualifies as hard labor for the do-it-for-me generation), but your doctor does recommend physical movement from time to time in order to maintain good health.
See subject: Hence my inclusion of IP addresses + hostnames of the C&C's to block (for software/router firewalls) since cams are peripherals w/ no direct access to hosts afaik @ least.
My work's no malware - Code's audited as safe by Malwarebyte's hpHosts & Google's VirusTotal shows its binary as Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ so EAT YOUR WORDS, unidentifiable jealous little troll.
APK
P.S.=> Trying to "put words in my mouth" I never said & LIES? Piss poor failing weak effete tactic on your part UNIDENTIFIABLE little troll, lol... apk
Product recall.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
See subject: It's NOT POLITE to talk w/ your mouth full K.S. Kyosuke as you EAT YOUR WORDS https://slashdot.org/comments.pl?sid=7804977&cid=50269031/ chump!
* Tell us - HOW DID THEY TASTE?
APK
P.S.=> A bit like your FOOT IN YOUR MOUTH ramming those lying words back down your chicken-neck throat & washed down w/ the bitter taste of SELF-defeat? Yes, lol... apk
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon
take a look at the APK hosts file engine by SuperKendall
APK is kinda right. I've tried his hosts file generating software. It works by bmo
I like your host file system by Karmashock
I find your hosts file admirable by vel-ex-tech
* My code's liked + recommended & hosted by Malwarebytes' hpHosts!
APK
P.S.=> You're welcome to show you've done as well as the above (you can't blowhard talker UNIDENTIFIABLE troll hiding)... apk
because any reasonable and prudent owner understands IoT security; dumb ass A/C.
it's like buying, that you are not told can fire backwards.
I don't have many (couple IP cams, outlets, etc.) but I put them all on a separate VLAN with no access to the outside world. I allow ridiculously restricted access to the inside host(s), although I haven't had any instances of them trying anything funny there - yet. But, EVERY Chinese IoT widget I've bought immediately attempts to phone home. EVERY Chinese IoT widget I've bought will also continue the attempts after the related (e.g. "cloud") features are turned off. Kinda like Windows 10.
You control nothing. I post as I want despite whipslash fearing for his ads hosts block. I don't have a site & don't need one.
* Can't you get ANYTHING right?
(Bet you WISH you didn't have to EAT YOUR WORDS here too vs. me, eh? LMAO https://it.slashdot.org/comments.pl?sid=10596227&cid=54399795/ & you WISH you could be me, obviously, managing to get those types of good reviews as I do shown in that link (which "your kind" NEVER can, or will)).
APK
P.S.=> You're the one spending ALL DAY LONG stalking/harassing/trolling me (or trying to & failing rather) behind UNIDENTIFIABLE anonymous posts - who's the "mental weakling", Mr. "projectionist" (projecting your own issues onto me & again as always, failing, lol)... apk
Eat your words on that note as I put out the actual links from registered users liking my work in 8 posts here https://politics.slashdot.org/comments.pl?sid=10458715&threshold=-1&commentsort=0&mode=thread&pid=54192877/ - BobTheSuperWEASEL, is that YOU again? Tell us:
HOW DID EATING YOUR WORDS TASTE?
LMAO!
(A bit like your FOOT IN YOUR MOUTH ramming them down your chicken-neck throat & washed down w/ the bitter taste of SELF-defeat again??)
APK
P.S.=> You're pitiful & easy to get the best of every time... apk
What is this, the 100th IoT device with security flaws?
:-).
Or is that the 1,000th IoT device?
Recently I have been thinking about this, (I know, no one is supposed to THINK any more), and perhaps using open source replacement firmware would be the saving of many of these devices. Similar to DD-WRT is today. With clear, open software, developers could make suggestions and submit bug fixes to get this stuff fixed.
Plus, there could be usability flaws in the IoT devices as well.
We can leave the cheap hardware production where it is, (since people buy that crap). But, put the software development in the hands of real people. Not rank amateurs. (Note I was in software development and had millions of satisfied users. We won't mention how many dis-satisfied users
Lady Galadriel
I agree with your comments, except the "phoning home stuff". I was unable to prove that when I installed my IP cameras but.....
the IP cameras I installed had enough crap turned on by default that getting them to "phone home" was trivial at best.
So what's a techo geek to do?
Bring up every camera on a FULLY ISOLATED network. Then access the camera's GUI or management interface to review and revise all of the settings. While you are there, also upload any firmware updates for the camera.
When you are ready to install them, do what the LS1 suggests, install them in a highly restricted VLAN. I would also add that you should closely monitor that restricted VLAN as much as possible for any "escape attempts".
As for the clueless user attracted by the thought of watching their cameras while away, like those TV commercials for R!NG (or whoever they are) wireless doorbells, frankly, people, there just are not enough deadly items in this world to get rid of the clueless. And if you make the "toys for clueless people" too difficult to use right out of the box, the product will be a "market failure" and get trashed on social media.
Those of us trying to live a reasonably secure lifestyle are screwed no matter what since "There's a clueless id10t born every second in this world"....
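The "closely monitor that restricted VLAN for escape attempts" step above, as an added example that is not from the thread or from Trend Micro: a small Python egress audit that reads iptables-style LOG lines from the camera VLAN's outbound chain, allows only the local recording host, and flags everything else, including the two Persirai C&C addresses quoted earlier in this thread. The VLAN 10.30.0.0/24, the NVR host 10.0.0.5, the chain prefix CAMVLAN-OUT and the log lines themselves are constructed for the example.

```python
import ipaddress
import re

# Constructed sample: iptables LOG output from an egress chain on the camera VLAN.
# (Lab values, not captured from a real gateway.)
SAMPLE_LOG = """\
May 10 03:14:07 gw kernel: CAMVLAN-OUT IN=eth0.30 OUT=eth0 SRC=10.30.0.11 DST=10.0.0.5 PROTO=TCP DPT=554
May 10 03:14:09 gw kernel: CAMVLAN-OUT IN=eth0.30 OUT=eth0 SRC=10.30.0.11 DST=185.62.189.232 PROTO=TCP DPT=80
May 10 03:14:12 gw kernel: CAMVLAN-OUT IN=eth0.30 OUT=eth0 SRC=10.30.0.12 DST=95.85.38.103 PROTO=UDP DPT=123
May 10 03:15:01 gw kernel: CAMVLAN-OUT IN=eth0.30 OUT=eth0 SRC=10.30.0.12 DST=203.0.113.77 PROTO=TCP DPT=81
May 10 03:15:02 gw kernel: CAMVLAN-OUT IN=eth0.30 OUT=eth0 SRC=10.30.0.11 DST=10.0.0.5 PROTO=TCP DPT=554
"""

CAMERA_VLAN = ipaddress.ip_network("10.30.0.0/24")       # assumed camera VLAN
ALLOWED_DST = [ipaddress.ip_network("10.0.0.5/32")]       # assumed local NVR / viewer host
# Persirai C&C IPs as quoted in this thread (from Trend Micro's write-up).
KNOWN_CNC = {"185.62.189.232", "95.85.38.103"}

LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)")


def parse_line(line):
    """Return the fields we care about from one LOG line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {"src": ipaddress.ip_address(m["src"]), "dst": ipaddress.ip_address(m["dst"]),
            "proto": m["proto"], "dpt": int(m["dpt"])}


def classify(event):
    """Verdict for one outbound connection attempt from the camera VLAN."""
    if event["src"] not in CAMERA_VLAN:
        return "ignore"                       # not a camera, not our concern here
    if str(event["dst"]) in KNOWN_CNC:
        return "known-c2"                     # matches a published Persirai C&C address
    if any(event["dst"] in net for net in ALLOWED_DST):
        return "allowed"                      # talking to the local recording host only
    return "escape-attempt"                   # anything else leaving the VLAN is suspect


def audit(log_text):
    """Return (src, dst, proto, dport, verdict) for every line worth a human's attention."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        verdict = classify(ev)
        if verdict in ("known-c2", "escape-attempt"):
            findings.append((str(ev["src"]), str(ev["dst"]), ev["proto"], ev["dpt"], verdict))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print("%-12s -> %-16s %s/%-5d %s" % f)
```

Feeding the gateway's real LOG lines into audit() in place of SAMPLE_LOG gives a per-camera list of every destination outside the allowlist, which is the "phone home" behaviour several posters above describe seeing.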
See subject & https://politics.slashdot.org/...
APK
P.S.=> You've got some serious issues... apk
A lot of these cameras enable UPnP by default. If you are in Belgium and have a bbox2 router as the interface to the world, then this router has UPnP enabled by default and you cannot turn it off on the router. So if you connect a UPnP-enabled camera to your internal network thinking "I'll deal with port forwarding or not later", then you may be surprised to find that you may just as well have connected it directly outside your firewall, as all the ports will be forwarded by default.
That's a lofty approach. A lot of merit for sure but unattainable none the less.
So where can we submit suggestions or updates to BrickerBot?