
To control 500k cameras is not science, just guess the default passwords



The Linux malware Mirai controls over half a million devices connected to the Internet and uses them to attack various targets. What is remarkable is how trivially it works: it simply guesses passwords.

The cameras are attacking. We already know this; the world media are writing about it because it is a really serious problem. The botnet can generate a stream of over one Tbps, send over one million HTTP requests every second, and take down a large DNS service provider along with a large part of the important Internet services. Many people warned that such attacks would come, and they finally did.

What is surprising is how simple it was. The attackers use malware called Mirai, which targets various "smart" devices, typically running BusyBox. It searches for them across the Internet, tries to break into them, installs itself on them, and can then carry out a variety of attacks. The crucial point is that Mirai does not abuse any sophisticated software bug; it does not need any "Dirty Cow" or Heartbleed.

Mirai simply guesses default passwords. Since the source code has been released, we now know exactly which passwords it tries, and above all that there are only 60 of them. Sixty! So few, and still enough to attack half a million devices around the world.
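From the defender's side, this kind of guessing shows up as a burst of failed telnet logins from one source across several accounts. The following is an added example, not code from the original article; the log format, sample lines and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not from a real daemon):
#   <ISO time> telnetd: login <failed|ok> user=<name> from=<ip>
LINE = re.compile(r"^(\S+) telnetd: login (failed|ok) user=(\S+) from=(\S+)$")

# Constructed sample: one source cycling through accounts, one user's typo.
SAMPLE_LOG = """\
2024-01-01T10:00:01 telnetd: login failed user=root from=198.51.100.7
2024-01-01T10:00:02 telnetd: login failed user=admin from=198.51.100.7
2024-01-01T10:00:03 telnetd: login failed user=root from=198.51.100.7
2024-01-01T10:00:04 telnetd: login failed user=admin from=198.51.100.7
2024-01-01T10:00:05 telnetd: login failed user=support from=198.51.100.7
2024-01-01T10:00:06 telnetd: login failed user=root from=198.51.100.7
2024-01-01T10:00:07 telnetd: login failed user=admin from=198.51.100.7
2024-01-01T10:00:08 telnetd: login ok user=admin from=198.51.100.7
2024-01-01T10:05:00 telnetd: login failed user=operator from=192.0.2.10
2024-01-01T10:05:09 telnetd: login ok user=operator from=192.0.2.10
"""


def find_guessing_sources(lines, max_failures=5, window=timedelta(seconds=60)):
    """Flag sources with more than max_failures failed logins inside window.

    Returns {ip: {"users": accounts tried, "login_after_burst": bool}}.
    A successful login after a burst means the device is likely compromised.
    """
    recent = defaultdict(deque)   # ip -> (timestamp, user) of recent failures
    report = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m[1])
        outcome, user, ip = m[2], m[3], m[4]
        if outcome == "ok":
            if ip in report:
                report[ip]["login_after_burst"] = True
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) > max_failures:
            entry = report.setdefault(ip, {"users": set(), "login_after_burst": False})
            entry["users"].update(u for _, u in q)
    return report
```
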

The affected devices probably span a whole range, from the cameras mentioned, through routers (the ubnt password), to baby monitors and network drives. However, most of the devices belong to a common category, as people from Flashpoint point out, and the credentials for these devices are well known. It turned out to be mainly products of Dahua Technology, which specializes in the production of IP cameras.

In addition, a number of devices from very diverse manufacturers have been discovered, which at first sight have nothing in common at all. It turned out that these manufacturers use hardware and software from XiongMai Technologies, a Chinese company that supplies complete technology for building such devices, from cameras to video recorders and recording cameras.

The manufacturer then assembles its "own" product, flashes it with the supplied firmware and ships it straight to stores. However, XiongMai delivers leaky software that opens the integrated computer to the world and allows it to be infected en masse. There is talk of half a million attacked devices.

The problem would not be so great if the devices were not easily accessible from the Internet. However, the supplied firmware leaves a telnet interface open, through which the devices can be controlled remotely. Telnet? Did you think it died a long time ago? Big mistake: in the embedded device world it is unfortunately still all too widespread.

To make it even worse: telnet is turned on by default, it cannot be turned off, and it accepts a login with a default password that cannot be changed! This is a paradise for all botnet operators.

That is not all. People from Flashpoint have discovered a way in the firmware to get around the login completely: instead of login.htm, you just have to request DVR.htm. In addition, the Shodan scanning service shows that there are over half a million devices in the world suffering from these flaws. And that is just one particular dilettante manufacturer with bad firmware. Estimates talk about millions of similarly leaky devices connected to the Internet.

Among the countries with the most vulnerable devices are Vietnam (80,000), Brazil (62,000), Turkey (40,000), Taiwan (29,000), China (22,000), South Korea (21,000), India (15,000) and the United Kingdom (14,000).

Flashpoint notes that most of the devices are from Dahua, but devices with XiongMai firmware also make up a big part. It also depends on the specific country and how well individual products are represented there. Dahua may account for 65 percent of the attack in the United States, but XiongMai is responsible for almost 70 percent of infected devices in countries like Turkey or Vietnam, where most of the attacking operations come from.

Using default passwords is like having no passwords. Users should therefore be more careful about configuring devices of this kind, which are switched on once and then usually left unattended. However, the blame lies mainly with the manufacturers, who are still making the same mistakes that were pointed out many years ago. But it's futile.

The best solution is to have no default passwords at all. Ideally, the device should ask the user to set a password at first start and not let them go any further without doing so. Obviously, this would not solve all the problems of the world, but at least nobody could catch us with our trousers down.
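One way such a first-start gate could look, as an added sketch that is not taken from the article or from any vendor's firmware; the `Device` class, the denylist contents and the length limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed denylist for illustration; a real product would ship a longer one.
DENYLIST = {"admin", "password", "12345", "123456", "root", "ubnt", "default"}
MIN_LENGTH = 10


class Device:
    """Hypothetical device state: no factory credential, services off until set up."""

    def __init__(self):
        self.salt = None
        self.pw_hash = None

    @property
    def provisioned(self):
        return self.pw_hash is not None

    def remote_services_enabled(self):
        # Telnet/web admin must not listen before the owner has set a password.
        return self.provisioned

    def set_initial_password(self, username, password):
        if self.provisioned:
            raise PermissionError("already provisioned; use the change-password flow")
        candidate = password.strip().lower()
        if candidate in DENYLIST or candidate == username.lower():
            raise ValueError("password is a known default")
        if len(password) < MIN_LENGTH:
            raise ValueError("password too short")
        self.salt = os.urandom(16)
        self.pw_hash = self._derive(password, self.salt)

    def check_login(self, password):
        if not self.provisioned:
            return False             # nothing to guess before setup
        return hmac.compare_digest(self.pw_hash, self._derive(password, self.salt))

    @staticmethod
    def _derive(password, salt):
        # Salted, slow hash so a dumped flash image does not reveal the password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
```
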


