Mirai-like Botnet Persirai Attacks IP Cameras - Impact Analyzed

By: Brian Karas, Published on Jun 14, 2017

Mirai made headlines in 2016, exploiting weaknesses in cameras, including those from Dahua and XiongMai to create a massive botnet that was used to bring down several well-known websites, and internet access in Liberia.

Now, a new botnet very similar to Mirai, known as Persirai, is targeting similar exploits in consumer-oriented cameras. In this report we analyze the impact of Persirai and the products it is affecting.

***** **** ********* ** 2016, ********** ********** ** cameras,********* ***** **** ****************** ****** * ******* botnet **** *** **** to ********* ******* ****-***** ********, *********** ****** ** *******.

***, * *** ****** very ******* ** *****, known ** ********, ** targeting ******* ******** ** consumer-oriented *******. ** **** report ** ******* *** impact ** ******** *** the ******** ** ** affecting.

[***************]

Perserai ********

******** ** ***** ** *********** of *** ***** ****** ****. **** *****, ** ******** device ** ***** ******** the ******** *** ***** devices **** ***** ***************. When ** *********** ****** is *****, ******** *** **** to ** **** ******** it ** ******** *** execute * ******* **** then ****** * ****** operator ** ******* ** as **** ** * botnet.

Exploit *****

******** ********** ****** ***, who ******** ********, ***** ******** ******* methods, ********* *** ******* to ******** * **** of *********/******** (******* ** ******** ********), *** * ******** in * *** ****** implementation (******* ** * ********* ***** ******** *************). *** ******* *** generally ******** ********** *** to ******* **** ********, which ***** ** ***** cameras ***** *** *** aware **.

1,000+ ******/****** ********

***** ***** ******* **** 1,000 ********** ******/****** ********. **** ** *** difficulty ** *********** ******** units ******** ** **** these ******* **** ******** to ** **** ***** OEM ******, ***** ******** at ********/*** *******.

** ***, * **** manufacturer ** *** ***** has *** **** **********, and ** ** **** likely *** ******* ******* multiple *************, ** ******* familiar **** ******* ***'* have **** **** ********** that **** ** ***** shared *** ****** ****** multiple ********* ****** ** developers **** ******* *********, do ******* ******** **** for ******** *************, ** simply ***** ****.

** * ****** ****** of ********** *****, ******* brands **** ***********, **** *** ******* ***** ********* ********** ** the *******. ***** ****** are ***** ** *** logo ********* *****. **** affected ***** ********* ** branding ** *** **, simply ********* ** *** unit ** "** ******" or "*** ******* ******":

No ***** ****** ********

**** *** **************, *** reports **** ***** *******, none ** *** ******** units **** **** ***** brands ** **** ******* such ** *****, *********, Q-See, *****, ***. *******, as * ******* ****, users would ***** ** ********* to ***** ******** **** to ****** ******** ***********.

170,000 ********** ***** ********

******* *** ** ********** of ********** ************** ***,*** ************ ******* currently ******:

Similarities ** *****

**** **** *****, ******** gives ****** ********** **** a **** ** *********** and *********** ************* ** a ******. ** **** cases *** ****** **** continue ** ******** ********, though ************** *** ** impacted ** *** ****** is ***** ********* ** participate ** * **** attack. ***** **** **** users ** ***** ******* still **** ******* *********, it ** ******** **** firmware *** **** **** ever ** ******* (******** the ************* **** ******* patched ********).

******** ******** **** *** survive * ****** ** the ******, ******* ***** in ****** **** *****. Users *** '*****' ***** cameras ****** ** ********* them, ****** **** **** likely ****** ******** ***** quickly ** **** *** not *** ** * VPN ** ********* ******* from ****** ******.

Impact **** ****** ** *******/********

********'* ****** ** **** likely ** ** **** by ******* ******** ** servers **** *** *** recipients ** * **** attack ******* *** ** infected *******.

Minimal ****** ******** ******

**** * ******** ******** standpoint, ***** ** ***** brands **** **** ********, the ******* ****** ***** come **** ******** ******** on *****'* *********, ******* * lack ** ***** ** IP ****** ********* ** general.

Comments (0)

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Consumer

Camect "Worlds Smartest Camera Hub" Tested on Oct 18, 2019
Camect is a Silicon Valley startup that claims the "Smartest AI Object Detection On The Market", detecting not only people and vehicles, but...
Consumer IP Camera Analytics Shootout - Arlo, Google / Nest, Amazon / Ring, Hikvision / Ezviz, Wyze Cam, Yi Home on Sep 26, 2019
AI analytics are hitting the mainstream in the consumer camera market, with entrants Wyze and Yi Home releasing free people detection on their...
Yi Home Camera 3 AI Analytics Tested on Sep 10, 2019
Yi Technology is claiming "new AI features" in its $50 Home Camera 3 "eliminates 'false positives' caused by flying insects, small pets, or light...
China Dahua To Replace Their Software With US Pepper on Aug 22, 2019
What does a US government banned company do to improve its security positioning in the US? Well, Dahua is unveiling a novel solution, partnering...
JCI Sues Wyze on Aug 21, 2019
The mega manufacturer / integrator JCI has sued the fast-growing $20 camera Seattle startup Wyze. Inside this note: Share the court...
Wyze AI Analytics Tested - Beats Axis and Hikvision on Jul 17, 2019
$20 camera disruptor Wyze has released free person detection deep learning analytics to all of their users, claiming users will "Only get notified...
RaySharp Revealed - Major China OEM For Western Consumer Video Surveillance on Jul 02, 2019
RaySharp is mostly unknown, even among people in the video surveillance industry, though it is a major supplier of OEM surveillance equipment such...
Directory of 30+ VSaaS / Cloud Video Surveillance Providers on Jun 07, 2019
This directory provides a list of VSaaS / cloud video surveillance providers to help you see and research what options are available. 2019 State...
China / US Trade War Impact Splits Industry on Jun 04, 2019
As the trade war continues to heat up, 170+ integrators told us "What impact will the US / PRC China conflict have on the industry?" Respondents...
Security / Privacy Journalist Sam Pfeifle Interview on May 24, 2019
Sam Pfeifle is best known as the outspoken former Editor of Security Systems News. After that, he was publications director at the International...

Most Recent Industry Reports

Alarm Veteran "Demands A Criminal Investigation" Of UL on Oct 18, 2019
The Interceptor's Project pressure against UL continues to rise. Following Keith Jentoft's allegation that "UL Has Blood On Their Hands", Jentoft...
Camect "Worlds Smartest Camera Hub" Tested on Oct 18, 2019
Camect is a Silicon Valley startup that claims the "Smartest AI Object Detection On The Market", detecting not only people and vehicles, but...
Hikvision Global News Reports Directory on Oct 17, 2019
Hikvision has received the most global news reporting of any video surveillance company, ever, ranging from the WSJ, the Financial Times, Reuters,...
Camera Calculator V3.1 Release Improves User Experience on Oct 17, 2019
IPVM has released a new version of our Camera Calculator, V3.1, with significant user experience improvements, a new development plan, and an...
Securing Access Control Installations Tutorial on Oct 17, 2019
The physical security of access control components is critical to ensuring that a facility is truly secure. Otherwise, the entire system can be...
Access Control Course Fall 2019 - Last Chance on Oct 17, 2019
Register Now - Fall 2019 Access Control Course. Thursday, October 17th is the last day to register. IPVM offers the most comprehensive access...
US DoD Comments on Huawei, Hikvision, Dahua Cyber Security Concerns on Oct 16, 2019
A senior DoD official said the US is "concerned" with the cybersecurity of Hikvision, Dahua, and Huawei due to "CCP" (China Communist Party)...
Pelco Sarix Pro3 Camera Tested on Oct 16, 2019
Pelco has released their Sarix Professional Series 3 cameras, claiming "more security detail in challenging scenes with excellent low light and...
IPVM Camera Calculator User Manual / Guide on Oct 16, 2019
Learn how to use the IPVM Camera Calculator. The guide below includes instructions, images, gifs, and videos demonstrating and explaining the...
Altronix Claims Tango 'Eliminates Electricians' on Oct 15, 2019
Power supply provider Altronix claims its new Tango power supply 'eliminates the need for an electrician, dedicated conduit and wire runs'. In...