Miscellaneous

Remote ownage of 100k+ Camera and Gateway devices demonstrated at Defcon

It’s now anno domini 2017 and the number of Internet-connected devices surpass the living population by an order of magnitude. And while most of these devices help us reinvent the way we interact with our homes, our offices or with our own bodies, some “smart things” can lend hackers a helping hand in digital burglary.

This is the case with over 120,000 internet-connected security cameras manufactured by Shenzhen Neo Electronics, whose firmware contains a massive security flaw that renders them remotely exploitable. A bug in the authentication mechanism allows a remote attacker to completely take control and run commands on the vulnerable devices and turn them into a zombie army ready to trigger the next Mirai or to become tools of mass surveillance in users’ homes.

Our own Chief Security Researcher Alex “Jay” Balan got on the Defcon IoT stage with a live demo of the exploitation. And while we’re eagerly waiting for the video, his presentation ( IoT – The gift that keeps on giving (354 downloads) ) and the technical whitepaper documenting the findings are ready for download.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.