Samsung 'Hacks' Its Own Phone, Should Xiongmai Do The Same?

Samsung is forcing a software update to the infamous Note7, which limits battery life to 60 minutes, in an effort to have people return them prior to detonation.

If XiongMai was serious about their recall, they could make their devices all give on-screen warnings to the owners and also contact/return info, using the same techniques/scripts used in the botnet conscription phase.

What about it, XiongMai?


Or should I say 'XiongMirai'?

But Samsung has a system in place to manage / push updates? What does Xiongmai or any traditional video surveillance manufacturer have?

Take Axis, even if Axis wanted to, how could they 'force' a software update on their cameras to fix the critical security vulnerability?

Take Axis, even if Axis wanted to, how could they 'force' a software update on their cameras to fix the critical security vulnerability?

The same way Mirai gets installed.

But that's not how Samsung is doing it, correct?

It's the same at a high level:

Samsung forces a message to appear on the phone telling people to return their device.

XiongMai could do the same. Of course, the Samsung method was designed from the get-go and the XiongMai one would have to be improvised.

But, desperate times require desperate measures.

Xiongmai also has an auto-update FW feature for IPC or DVR/NVR. This feature is not available to all OEM customers, but we use it. They developed it in 2015, but almost all hacked devices should be much older, because we met open telnet port issues only in old FWs.

Also, we always try to keep our clients well informed about new functions, new features, or bug-fixing updates. We opened access to the latest FWs for devices, and for IP camera FWs the number of downloads over the last 2 years is more than 20k.

That's why we have only a few issues with telnet or hacking or something.

Sergey, thanks

Xiongmai also has an auto-update FW feature for IPC or DVR/NVR.

How does this work? Is the camera / recorder programmed to periodically connect to a certain website / IP address to check for updates?

You're just not going to rest until somebody tells you to hack 10,000 cameras in the name of justice.

If XiongMai was serious about their recall, they could make their devices all give on-screen warnings to the owners and also contact/return info, using the same techniques/scripts used in the botnet conscription phase.

I don't agree. XiongMai is a component supplier; they sold components which then became part of another product/brand. Offering a recall is the right approach; at least theoretically, they recognize they provided defective parts and are providing recourse for those affected. Altering components post-sale may affect the end-customers in unanticipated ways and violate agreements they had with their direct customers.

Samsung most likely had some kind of click-wrap agreement the owners of the phones agreed to that gives the company the right to send software updates that alter the phone. Unless XiongMai/their suppliers had users agree to something similar, there could be legal issues around this (however unlikely).

Overall, not a sound idea for the company to do this.

Altering components post-sale may affect the end-customers in unanticipated ways...

So would your ISP blocking your outbound DNS. Probably worse.

The difference is that phones are highly regulated in the US by the fact and also have a carrier involved. The carrier controls software updates and firmware and has agreements in place. Without the carrier, the phone is an iPod of sorts.

An IP camera doesn't rely on a carrier or other outside service and usually doesn't have a self-update mechanism that is constantly checked.

The difference is that phones are highly regulated in the US by the fact and also have a carrier involved.

Do those differences prevent it from being pushed a message via Mirai?

I don't believe in "forced updates" by the manufacturer; however, if you want to mitigate / get rid of these kinds of threats, something "outside of the box" is needed - whether that is releasing a worm that patches/upgrades or even sets a random password to "protect" default login/password boxes (show the new password on the cam feed for instance).

I really do believe something "outside of the box" is needed, legal or not legal - but for a good cause (Robin Hood thing).

...show the new password on the cam feed for instance...

The new password might break the remote feed, but I'm all for putting messages in the camera title, or adding iptables commands to block stuff.

Article on the ethics and legality of 'hacking back' hacked devices.

Security researcher creates an anti-worm-worm:

https://www.grahamcluley.com/good-anti-mirai-worm-pulled-github-following-backlash/

good find.

Goes a little too far by actually changing the password though, IMHO. That's going to cause a lot of devices to go off-line. A few (not many) may be providing critical functions.