China Surveillance Vulnerabilities Being Used To Attack China, Says China
While China video surveillance vulnerabilities have been much debated in the West in the past few years, China is now saying those vulnerabilities are being used to attack China.
This news comes from the PRC's main cyber threat monitoring body, which stated a recent hacking campaign's use of longstanding vulnerabilities is "sounding the alarm" on PRC IoT security, illustrating the risk associated with devices from that country.
In this post, we examine this news, including:
- Attack Background
- CNCERT Gives Update on Hacking Methods, Impact
- China Manufacturers Especially Vulnerable
- Cybersecurity Expert PenTestPartners Feedback: DVR Vulnerability from 2016
- CNCERT: Hack "Sounded The Alarm" on China IoT Security
- CNCERT Recommends Manufacturers, Users Beef Up Security
- Prior Warning: PRC IoT Devices May Be "More Susceptible"
Attack Background
** ***-********,**** ************ '*********'-********** ***-***** ********* **** ********* China ***** ************ ********* ** **** of * ***********-********* ******* ******** ******* the *** ********** ******#********:
*** ******** *** ** *********** ****** on ********** *** ************* **** *********, Dahua, ** ******* (***** *** ********* claimed ** **** ***** **** ********* USA's *******, **** *** ***** ********* and ********* ****** ** *********). *** one ****************** *** ************ **********, ***** ********* a ******** ******.
CNCERT Gives Update on Hacking Methods, Impact
*** ***'* ***** ***** ****** *******,******,****** ** ****** ** ***** ******* *** ******* ** **** ******* campaign, ********** **** ******* **** ***** main *******:
*** ****** *********** ********* **** *** overseas [*******] ***** **** **** ***** attack ******** ****** **** ***** ***** of ***************: ****** ******* ********* ***************, malicious **** ************, *** ***** ****** vulnerabilities.
China Manufacturers Especially Vulnerable
***** ***** ** *************** **** **** significant ****** *** ***** *** ************* ranging **** ***** ******* ************* ** smaller **** ***** ********* - *** our ********* ** ***** ************ ************* *************** and ********.
****** **** ****** *** ******* **** "malicious ****" **** *** ******** ** "different ******** ** *** ***** ******". The **** ***** **** ****** *** driven ** ********** ******* **** ***** PRC ***** ************ ***-*******************.
Hack ****** ******* *********
****** ****** *.** ******* ******* **** launched ** ***,*** ** *********, ***** 10,157 ***** ****** ******** **** ******** as ****. ****** *** *** ****** specific ********* ******** ** *** ******** impact ** *** *******. *** **** of *** ** ********* ******** **** located ** *****'* ******* *********, ***** most ***** ************ ************* ***** *****.
Expert ********: *** ************* **** ****
****** *******, *** ******** ********** ******************, ******** *** ****** ****** *** told **** ***** **** *** *************** which *************** "********* ** * ****** of **** **** ** ****" ** his **** **** "****** **** *******":
******* **** *** ****** ** ********** DVRs *** ***** *****:
***** **** *** ** ***** ******* then, *** ***** *** *** **** 100k. **** ** *** ***** **** we **** ****** **** **** ***** fixed, *** **** ***'*.
*** ******* ***** **** *** ****** report "***'* ****** **********" ***** **'* obvious ***** ******* ***** *** ******:
*** ****** ***'* ***** * ***** no-name *** ******* ** *** ******** like **** ******. **'* *** **** a **** - ****'** **** ***** as ******** **** *** **** *****.
**** ******* **** **** ********* ******** - *******, ** ** ******* **** such *** *************** *** ***** ***** exploited *** ***** ******* *****, *** China's *** *********.
CNCERT: **** "******* *** *****" ** ***** *** ********, ***** *******
***** ****** ****** *** ********* ** the ***** **** "*** ****", ** also **** *** ******** "******* *** alarm" ***** *** ********** *****'* *** network ******** *** [******** *****]:
*** ********* ** this ****** ** ******** ************* ** *** ****. However, this attack shows that the IoT device has become an important target for hackers, and it sounded *** ***** *** *** ******* ******** of the IoT device.
****** ***** ****** *** ***** *** ongoing:
**** *** ***** ******* ****** ** this ****** *****, ****** *** **** domestic ******** ********* ****** *************** *** attack ***** ********, *** ** ** the **** ** ***********, some *************** **** *** **** ******** *** *** ***** ** ******** *********.
CNCERT Recommends Manufacturers, Users Beef Up Security
****** **** ***** *************** *** ***** video ************ ************* *** ***** ** beef ** ******** [******** *****]:
*. *** ****** ************* ****** strengthen *** ******* ******** ********** ** *** *******, plan ****** ******** ************ ** ******* during the development process, and embed network security protection mechanisms;
*. *** ****** users ****** ******* ******** checks on multiple levels of hardware, firmware, software, applications, and network protocols before the device goes online; after the device accesses the Internet, it should be protected by technical means such as firewalls, and at the same time strengthen the monitoring and auditing of network access behavior of connected devices.
*. *** ******* Internet ** ****** ********* ************* **** ******* ******** ************ *** *** **** *******. Internet of Things users *** ********* ** ******* **********, and security awareness needs to be improved.
Prior *******: *** *** ******* *** ** "**** ***********" ** *******
* **** **** ******** *****'* *** ****** ******** *** the** ***** ******** ******** ****** **************** **** "******** ********" ** *** manufacturing **** ** "*** ******** ** entry" *** "******* ********** *********" ***** that "*******-************ *** ******* *** ******** targets *** ************ ******", ******:
******* *** ******* *** ** ***** as *********** ** ************ ****** ** those **** ***** *********, and *** ** **** ** **** *********** [emphasis added]
**********
** *** *********** *** ***-***** *******, **** ***** that *** *** **********'* ***** ****** abuses **** ** * ***** ****** for ***********-********* ******* *********.
*** ** ***** ** *****'* **** cyber ********** ****, ******* *********** ***** is ************ *************** ******** **** ********* due ** *** ***** ** ******* security *** ***** ***** ************ ********.
* ***** **** ** ********* *** can **** **** ** *** **** run.
*** **** ** *** *** ***** made ************ ******* ** **** **** such *******.
******** **** **** ** *****. ** amazes ** *** **** ** ** to **** ****** *** ** ***** a ******** ******* **** ******** *****.
***** **** ****** **** ***** ******* manufactured ***. ***** **'* **** ********* here *** ***** **** **** **'* not **** ** *****.