Slashdot Mirror

← Back to Stories (view on slashdot.org)

New IoT Malware Targets 100,000 IP Cameras Via Known Flaw (csoonline.com)

Posted by BeauHD on from the tape-over-your-webcam dept.

Researcher Pierre Kim has found a new malware, called Persirai, that has been infecting over 100,000 Chinese-made, internet-connected cameras. According to Trend Micro, the malware has been active since last month and works by exploiting flaws in the cameras that Kim reported back in March. CSO Online reports: At least 1,250 camera models produced by a Chinese manufacturer possess the bugs, the researcher went on to claim. Over a month later in April, Trend Micro noticed a new malware that spreads by exploiting the same products via the recently disclosed flaws. The security firm estimates that about 120,000 cameras are vulnerable to the malware, based on Shodan, a search engine for internet-connected hardware. The Persirai malware is infecting the cameras to form a botnet, or an army of enslaved computers. These botnets can launch DDoS attacks, which can overwhelm websites with internet traffic, forcing them offline. Once Persirai infects, it'll also block anyone else from exploiting the same vulnerabilities on the device. Security firm Qihoo 360 has also noticed the malware and estimated finding 43,621 devices in China infected with it. Interestingly, Persirai borrows some computer code from a notorious malware known as Mirai, which has also been infecting IoT devices, such as DVRs, internet routers, and CCTV cameras, but by guessing the passwords protecting them.

1 of 60 comments (clear)

  1. Re:Do NOT allow IP cameras to be accessed from ine by Alain+Williams · · Score: 4, Insightful

    you know that, I know that. However the people who buy these things do not know that and do not read reports of security issues; they probably would not even know if one of their IoT devices were used in a DDOS or something. The Chinese manufacturer loses interest once he has sold it to a distributor; the distributor and retailer just want to buy something as cheaply as possible to maximise profits.

    The only way of getting this under control is to make the retailer responsible for any problems. They will rapidly realise that this will cost them a lot and so seek better (more secure) devices. I cannot see this happening for a long time.