Story image

Security cameras – a latent botnet network?

A consumer rights testing service has found that unprotected IoT cameras are one of the major problems in IT security and yet are more widespread than they should be.

In 2016, a Linux-based botnet called Mirai was used to facilitate the largest distributed denial-of-service (DDoS) attack in history using unsecured IoT devices.

The researchers found that in a comparison of 16 indoor and outdoor IP surveillance cameras, only one device was sufficiently well-protected.

Of the other 15 cameras, 10 were rated “satisfying”, 2 as “sufficient” and 3 as “poorly” on the subject of security.

The researchers also rated the integration of the smartphone apps for controlling the cameras in ten cameras as critical to very critical.

Some of the tested devices failed because they used trivial access data, such as "admin" as username or password.

In addition, they left unnecessary ports open.

Also critical was the fact that some apps did not ask users to change their access data when they registered.

And with one camera, the researchers were concerned about the fact that it transmitted the login data unencrypted.

All in all, there are weaknesses at almost all relevant spots, which in turn reinforces the demand that IoT equipment should generally become safer.

IoT devices need more focus on security

However, the devices did not only differ considerably in terms of safety but also in terms of ease of use.

This concerns, for example, the type of data storage - and only two of the tested cameras could be used without any cables.

A few years ago, thousands of smart devices operating under the control of criminals paralysed several major Internet services.

Cameras were also affected to a large extent.

With thousands of hacked cameras, criminals are able to heavily support DDoS attacks and order them to infect neighbouring devices on the same network.

However, it is important to note that the question of the hazard level of smarthome cameras depends largely on the router settings used.

If poorly secured IP cameras can be found openly on the Internet, they can easily be integrated into a botnet.

Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.