Subscriber Discussion

Brickerbot - Anyone Recently Bricked NVRs Or Cameras?

Undisclosed Integrator #1
Apr 17, 2017

ARS is reporting that botnets BrickerBot.1 & BrickerBot.2 (probably variants of the Mirai source) are attempting to close the loop by corrupting the firmware on exposed devices with default passwords. Surely this will affect our insecure devices soon enough?

 

(1)
(4)
John Honovich
Apr 17, 2017
IPVM

#1, thanks for sharing.

A few more details from that article:

Once the bots find a vulnerable target, they run a series of highly debilitating commands that wipe all the files stored on the device, corrupt the device's storage, and sever its Internet connection. Given the cost and time required to repair the damage, the device is effectively destroyed, or bricked, from the perspective of the typical consumer.

The bots brick real-world devices that have the telnet protocol enabled and are protected by default passwords, with no clear sign to the owner of what happened or why.

Also, note many older Dahua and XM-based cameras suffer from this.

(1)
Undisclosed #2
Apr 17, 2017
IPVMU Certified

Only a very dark gray hat would consider bricking 10 million cameras as a solution.

(3)
John Honovich
Apr 17, 2017
IPVM
(3)
Undisclosed Integrator #3
Apr 17, 2017

If this does occur, I would be willing to bet a lot of users would have preferred your method (I am assuming you are OP/U1 in John's link) to this hacker's method of "securing" these devices.

(1)
Undisclosed #2
Apr 18, 2017
IPVMU Certified

Perhaps.  

But truth be told I did hack 10 cameras.  As a test to see how many would actually notice and do something.  The results weren't exactly encouraging.

In the first week, only 1 (!), became inaccessible.  One was still accessible but someone changed the camera description back.  8 were unchanged.

As a control I didn't hack another group of 10 random but hackable Dahuas.

In the first week 2 became inaccessible, due to some other reason. So...

Because of its apparent ineffectiveness, I never did any others. 

 

(1)
Undisclosed #2
Apr 17, 2017
IPVMU Certified

Cameras are possibly the only devices in existence that retain some value after being bricked.

They just become dummy cameras.

(4)
Undisclosed Integrator #4
Apr 18, 2017

I have but it was no botnet... unfortunately.  Would have provided a better excuse.

(1)
Undisclosed End User #5
Apr 23, 2017
(3)
Undisclosed Integrator #4
Apr 24, 2017

The article is quite interesting.  Since Dahua is called out by name it seems like there would be more clamor in these forums or a significant uptick in calls for help.

(2)
Undisclosed Integrator #1
Apr 24, 2017

Agreed - I'm surprised I haven't seen anyone asking for help with their unresponsive cams to validate the bot's claims.

Undisclosed Integrator #4
Apr 26, 2017

Yes, but that's ransomware.  This is bricking the devices.  Unless everyone is too busy replacing cameras to post on IPVM I don't understand how we've seen no posts asking for help.  Perhaps DIY end users are the vast majority of devices impacted?

Undisclosed End User #5
Apr 26, 2017

I also find it quite hard to believe to have 2 million devices bricked worldwide with remarkable silence... however, I've been surprised before, so it may be the truth after all...

Undisclosed #2
Apr 26, 2017
IPVMU Certified

(1)
Undisclosed #2
Apr 24, 2017
IPVMU Certified

Is Bashis bashed?

Schizophrenically, janit0r criticizes both 

  1. Not attacking Dahua with zero-day irresponsibly
  2. Not working with Dahua responsibly

 

 
