Story image

Security cameras – a latent botnet network?

A consumer rights testing service has found that unprotected IoT cameras are one of the major problems in IT security and yet are more widespread than they should be.

In 2016, a Linux-based botnet called Mirai was used to facilitate the largest distributed denial-of-service (DDoS) attack in history using unsecured IoT devices.

The researchers found that in a comparison of 16 indoor and outdoor IP surveillance cameras, only one device was sufficiently well-protected.

Of the other 15 cameras, 10 were rated “satisfying”, 2 as “sufficient” and 3 as “poorly” on the subject of security.

The researchers also rated the integration of the smartphone apps for controlling the cameras in ten cameras as critical to very critical.

Some of the tested devices failed because they used trivial access data, such as "admin" as username or password.

In addition, they left unnecessary ports open.

Also critical was the fact that some apps did not ask users to change their access data when they registered.

And with one camera, the researchers were concerned about the fact that it transmitted the login data unencrypted.

All in all, there are weaknesses at almost all relevant spots, which in turn reinforces the demand that IoT equipment should generally become safer.

IoT devices need more focus on security

However, the devices did not only differ considerably in terms of safety but also in terms of ease of use.

This concerns, for example, the type of data storage - and only two of the tested cameras could be used without any cables.

A few years ago, thousands of smart devices operating under the control of criminals paralysed several major Internet services.

Cameras were also affected to a large extent.

With thousands of hacked cameras, criminals are able to heavily support DDoS attacks and order them to infect neighbouring devices on the same network.

However, it is important to note that the question of the hazard level of smarthome cameras depends largely on the router settings used.

If poorly secured IP cameras can be found openly on the Internet, they can easily be integrated into a botnet.

Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."
Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.