SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Security cameras – a latent botnet network?
Wed, 14th Nov 2018
FYI, this story is more than a year old

A consumer rights testing service has found that unprotected IoT cameras are one of the major problems in IT security and yet are more widespread than they should be.

In 2016, a Linux-based botnet called Mirai was used to facilitate the largest distributed denial-of-service (DDoS) attack in history using unsecured IoT devices.

The researchers found that in a comparison of 16 indoor and outdoor IP surveillance cameras, only one device was sufficiently well-protected.

Of the other 15 cameras, 10 were rated “satisfying”, 2 as “sufficient” and 3 as “poorly” on the subject of security.

The researchers also rated the integration of the smartphone apps for controlling the cameras in ten cameras as critical to very critical.

Some of the tested devices failed because they used trivial access data, such as "admin" as username or password.

In addition, they left unnecessary ports open.

Also critical was the fact that some apps did not ask users to change their access data when they registered.

And with one camera, the researchers were concerned about the fact that it transmitted the login data unencrypted.

All in all, there are weaknesses at almost all relevant spots, which in turn reinforces the demand that IoT equipment should generally become safer.

IoT devices need more focus on security

However, the devices did not only differ considerably in terms of safety but also in terms of ease of use.

This concerns, for example, the type of data storage - and only two of the tested cameras could be used without any cables.

A few years ago, thousands of smart devices operating under the control of criminals paralysed several major Internet services.

Cameras were also affected to a large extent.

With thousands of hacked cameras, criminals are able to heavily support DDoS attacks and order them to infect neighbouring devices on the same network.

However, it is important to note that the question of the hazard level of smarthome cameras depends largely on the router settings used.

If poorly secured IP cameras can be found openly on the Internet, they can easily be integrated into a botnet.