Mirai-like Botnet Persirai Attacks IP Cameras - Impact Analyzed

By: Brian Karas, Published on Jun 14, 2017

Mirai made headlines in 2016, exploiting weaknesses in cameras, including those from Dahua and XiongMai to create a massive botnet that was used to bring down several well-known websites, and internet access in Liberia.

Now, a new botnet very similar to Mirai, known as Persirai, is targeting similar exploits in consumer-oriented cameras. In this report we analyze the impact of Persirai and the products it is affecting.

Perserai ********

******** ** ***** ** *********** of *** ***** ****** ****. **** *****, ** ******** device ** ***** ******** the ******** *** ***** devices **** ***** ***************. When ** *********** ****** is *****, ******** *** **** to ** **** ******** it ** ******** *** execute * ******* **** then ****** * ****** operator ** ******* ** as **** ** * botnet.

Exploit *****

******** ********** ****** ***, who ******** ********, ***** ******** ******* methods, ********* *** ******* to ******** * **** of *********/******** (******* ** ******** ********), *** * ******** in * *** ****** implementation (******* ** * ********* ***** ******** *************). *** ******* *** generally ******** ********** *** to ******* **** ********, which ***** ** ***** cameras ***** *** *** aware **.

1,000+ ******/****** ********

***** ***** ******* **** 1,000 ********** ******/****** ********. **** ** *** difficulty ** *********** ******** units ******** ** **** these ******* **** ******** to ** **** ***** OEM ******, ***** ******** at ********/*** *******.

** ***, * **** manufacturer ** *** ***** has *** **** **********, and ** ** **** likely *** ******* ******* multiple *************, ** ******* familiar **** ******* ***'* have **** **** ********** that **** ** ***** shared *** ****** ****** multiple ********* ****** ** developers **** ******* *********, do ******* ******** **** for ******** *************, ** simply ***** ****.

** * ****** ****** of ********** *****, ******* brands **** ***********, **** *** ******* ***** ********* ********** ** the *******. ***** ****** are ***** ** *** logo ********* *****. **** affected ***** ********* ** branding ** *** **, simply ********* ** *** unit ** "** ******" or "*** ******* ******":

No ***** ****** ********

**** *** **************, *** reports **** ***** *******, none ** *** ******** units **** **** ***** brands ** **** ******* such ** *****, *********, Q-See, *****, ***. *******, as * ******* ****, users would ***** ** ********* to ***** ******** **** to ****** ******** ***********.

170,000 ********** ***** ********

******* *** ** ********** of ********** ************** ***,*** ************ ******* currently ******:

Similarities ** *****

**** **** *****, ******** gives ****** ********** **** a **** ** *********** and *********** ************* ** a ******. ** **** cases *** ****** **** continue ** ******** ********, though ************** *** ** impacted ** *** ****** is ***** ********* ** participate ** * **** attack. ***** **** **** users ** ***** ******* still **** ******* *********, it ** ******** **** firmware *** **** **** ever ** ******* (******** the ************* **** ******* patched ********).

******** ******** **** *** survive * ****** ** the ******, ******* ***** in ****** **** *****. Users *** '*****' ***** cameras ****** ** ********* them, ****** **** **** likely ****** ******** ***** quickly ** **** *** not *** ** * VPN ** ********* ******* from ****** ******.

Impact **** ****** ** *******/********

********'* ****** ** **** likely ** ** **** by ******* ******** ** servers **** *** *** recipients ** * **** attack ******* *** ** infected *******.

Minimal ****** ******** ******

**** * ******** ******** standpoint, ***** ** ***** brands **** **** ********, the ******* ****** ***** come **** ******** ******** on *****'* *********, ******* * lack ** ***** ** IP ****** ********* ** general.

Comments (0)

Read this IPVM report for free.

This article is part of IPVM's 6,536 reports, 881 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Dahua, Hikvision, ZKTeco Face Mask Detection Shootout on Jun 19, 2020
Temperature tablets with face mask detection are one of the hottest trends in...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now,...
Faked Convergint Fever Camera 'Expert' Marketing on Jun 16, 2020
Convergint touts they are "THERMAL CAMERA SOLUTION EXPERTS" while faking...
Don't Be Fooled By Hot Water Bottle Fever Camera Demos on Aug 24, 2020
Fever camera salesmen like to fool buyers (and themselves) with hot water...
Face Shields Impact On Temperature Measurement And Mask Detection on Jul 27, 2020
First, the use of face masks, and now, plastic face shields are rising...
Face Masks Increase Face Recognition Errors Says NIST on Aug 04, 2020
COVID-19 has led to widespread facemask use, which as IPVM testing has shown...
False: Verkada: "If You Want To Remote View Your Cameras You Need To Punch Holes In Your Firewall" on Jul 31, 2020
Verkada falsely declared to “3,000+ customers”, “300 school districts”, and...
Dahua Critical Cloud Vulnerabilities on May 12, 2020
Dahua has acknowledged a series of cloud vulnerabilities that researcher...
Mobotix Thermal Detection Camera Tested on Jun 09, 2020
For years Mobotix has struggled but now sales are surging driven by Mobotix's...
Beware Rigged China Fever Cameras on Sep 08, 2020
Many China fever camera manufacturers have rigged algorithms dynamically...
Verkada Falsely Claims "First Native Cloud-based Access Control and Video Security Solution" on Jun 18, 2020
Verkada's false claims continue, this time to be the first native cloud-based...
Faulty Hikvision Cali Colombia Fever Camera Implementation on Jul 20, 2020
The mayor of one of Colombia's largest cities has promoted a faulty Hikvision...
US Startup Fever Inspect Examined on Aug 03, 2020
Undoubtedly late to fever cameras, this US company, Fever Inspect, led by a...
Directory of 206 "Fever" Camera Suppliers on Aug 04, 2020
This directory provides a list of "Fever" scanning thermal camera providers...
Indoor Robotics Presents Tando Aerial Drones on May 20, 2020
Indoor Robotics presented Tando indoor autonomous drones at the May 2020 IPVM...

Recent Reports

Hanwha AI Object Detection Tested on Sep 28, 2020
Hanwha has added detection and classification of people, cars, clothing...
Favorite Access Control Manufacturers 2020 on Sep 28, 2020
200+ Integrators told IPVM "What is your favorite access control management...
New Products Show Fall 2020 Starts Tomorrow! on Sep 27, 2020
Tomorrow, IPVM's sixth online show will feature New Products from over 25...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...
Installation Course Fall 2020 - Save $50 - Last Chance on Sep 22, 2020
This is a unique installation course in a market where little practical...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
FLIR CEO: Many New Fever Entrants "Making Claims That The Science Just Won't Support" on Sep 22, 2020
FLIR's CEO joins a growing number calling out risks with fever / screening...