Old **** ******* *** * ***** ******
****** **** **** ** ***** ************* of ******** ******* **** ********* "****** on *** **** **** *** * lot ** ****** *** ****** ** hack ****". ******** ** ***** ******** devices **** ***** ******* ** ***** *******, ******** cameras *** ********* *** *** **** nearly ** **** ***** ********, *** accessible ** ********, ****** ************* **** concerned ***** ***** ********.
Now ****** ********
*** ******* ******* *** *********** *******, security ******* **** ***-***** *******, ** ***** up ***** *** **** *** *****. With *** ******* **** ** ** camera ******* *** ********* ********** ** Internet-connected ******* **** **** ****** *********, *** easy, *******.
Worse ** ***** ******* ** ********
** ***** ******* ***** **** ** the **** **** ****** *** ******** http ******* *** ************* *** **********. **** can **** *************** ***** ** *** device *********** ********** ** ***** ******/******** using *** **** ******** ******** *********. Another ****** ************* ****** ****** ******* ******* ** ******** ****** ****** all ******* ****** ********.
How *************** *** *****
***** ***** ****** ** *********** ******** images, *** ***** ***** **** ******* ** ********* **** *** **** ** the *** ***** ** *** ********. **** runs ******** ** *** ************ ********** ** ******** * device ************ *** **** ***** *** trying ******** ******* **** *** ********** ** *** ************.
********* ** **** ** *** *** hacks, ************* *** ******** ***** ********, also ********* * ********* **** ** brands/logos. **** ******* *** ** *********** determine **** *** ******* ** ******* could ** ******* ** ********* ** deployed ******* **** **** ** ******.
Two ****** ******* ** ******* ********
** ******* *** ** ********* ** a ****** ** ******* **** ** shell ****** ** * ***** ******* and **** *********** **** ******** **** the **** **** * ****** ******. This ****** ******** *** ****** ** be **** ** *** ******* ****** to *** **** (****** *******, ** over *** ********). ** *** *** benefit ** ***** **** ** ** done ******* *** **** ****** ** do ********, *** ********** *** ******* to ********** ******** ** ******* ******** or ***** **** *** ********** ********.
******* *** ** *** ** ******* onto * **** ** ** ********* new ******** *** *** ****** **** has *** ******* ***** **, *** then ********* **** ******** **** *** unit. **** *** **** ** **** remotely, ** *** ****** *** *** and *** *** **** ** ******* the ******** **********. *** *** ** convince * **** ** ******* *********** firmware ** ** **** *** ******** available *** ********, *** **** **** an ***** **** ******* ** **** from *** ************* ******* ********** ********** a ******** ******.
Securing **** *******
** ** ********** ** ***** ****** a ****** ********* ** *** ********, but *** *** ****** **** ******* of ****** ** ********* ***** **********:
- ****** ******* *********, *** ********* ** the ****** ****** **. ****** ******** "admin" ** "*****" **** **** ****** ********** ****** ********.
- **** ******** ******** ***** **** ************* websites, ***** **** **** *** ********* files *** *** ***********, ** **** reduce *** ******* ** ******* ***** firmware.
- **** ******** ******* ** ******* *** exploits **** ***** ****, ******** **** the ************ ** ******* ** **** security *******.
- ***** *** ** *********/******** **** *** access **** *********, ** ****** *** close ****** ******** ****** *** ******* via ***.
** *** ****** **** ******** ************* ************, ********** ******** ****** ** ******* can ****** **** ** *******.
What ************* *** **
******** ****** *** *** ******** **** the ******** ********** *** *** **** common ******* ** *******. ******* ** ***** access ** ****** ****** ** ********** use *****, *** ** ***** **** by ******* ** **** ****** ** the ******.
************ ******** ********* ******** ****** ************ removes * ***** ****** ******. **** ******* ** not ****** *** ********* ** ******** files ****** ********** ****, ******** ********* to ****** ***** ******** ****** ***** *** turn ***** ******* **** *********** ******* access *****.
********** *** ******** ***** *** **** make ** **** ********* *** ******* to ********* **** *** ***** *** code *** *********** **********.
Comments (19)
Jon Dillabaugh
07/07/16 02:46pm
Nice article. If we keep pushing the industry and best practices, these types of hacks will surely be minimized. Manufacturers, of course, play a large role here, but integrators have to do their part too. VPNs aren't always an option. Sometimes a device needs to be public facing. Restricting the access to that public facing device and monitoring traffic to it is essential.
Undisclosed #1
Like it!
Confused about this though:
Isn't the 'exploit' the ability to 'gain root' in the first place?
Sounds to me like you are saying, "Cars can be stolen by using the key to start the engine."
Undisclosed Manufacturer #2
This was one of the two researchers whom I originally thought may have uncovered the Axis vulnerability. I ruled him out on that one and am happy to see this kind of coverage on IPVM.
jason oneal
Is there a way to know if a device has already been compromised? Or will defaulting and then upgrading to latest firmware eliminate any rogue hack placed on the device?
Michael Henderson
Considering the brands hacked, maybe it is time to quit selling the low end crap and start designing systems and networks with actual security in mind. You know, that thing we are supposed to do in the beginning.
Salespeople need to quit being price conscious and start selling the service expected of our industry. If end users are so price sensitive, it is time to educate them better to make better informed decisions about their security.
Michael Henderson
It isn't the brands, per se, but how the systems are designed. Working with the customers' IT people can limit exploits, dedicated security networks. Or for the safest route, a system that is not connected to the internet, except in cases of service and maintenance.
However, using shells that anyone can write a GUI for can lead to exploits from outside sources, due to not maintaining a standard of care for securing the code.
Staying with companies whose software is vetted to limit potential exploits is part of the due diligence integrators must look at when selecting a VMS.
Brian Karas
There is a new botnet being reported, called "Tsunami", that looks to be targeting the TVT devices. So far ~227,000 vulnerable devices have been identified:
New IoT/Linux Malware Targets DVRs, Forms Botnet