sb-nz logo
Story image

Security cameras – a latent botnet network?

14 Nov 2018

A consumer rights testing service has found that unprotected IoT cameras are one of the major problems in IT security and yet are more widespread than they should be.

In 2016, a Linux-based botnet called Mirai was used to facilitate the largest distributed denial-of-service (DDoS) attack in history using unsecured IoT devices.

The researchers found that in a comparison of 16 indoor and outdoor IP surveillance cameras, only one device was sufficiently well-protected.

Of the other 15 cameras, 10 were rated “satisfying”, 2 as “sufficient” and 3 as “poorly” on the subject of security.

The researchers also rated the integration of the smartphone apps for controlling the cameras in ten cameras as critical to very critical.

Some of the tested devices failed because they used trivial access data, such as "admin" as username or password.

In addition, they left unnecessary ports open.

Also critical was the fact that some apps did not ask users to change their access data when they registered.

And with one camera, the researchers were concerned about the fact that it transmitted the login data unencrypted.

All in all, there are weaknesses at almost all relevant spots, which in turn reinforces the demand that IoT equipment should generally become safer.

IoT devices need more focus on security

However, the devices did not only differ considerably in terms of safety but also in terms of ease of use.

This concerns, for example, the type of data storage - and only two of the tested cameras could be used without any cables.

A few years ago, thousands of smart devices operating under the control of criminals paralysed several major Internet services.

Cameras were also affected to a large extent.

With thousands of hacked cameras, criminals are able to heavily support DDoS attacks and order them to infect neighbouring devices on the same network.

However, it is important to note that the question of the hazard level of smarthome cameras depends largely on the router settings used.

If poorly secured IP cameras can be found openly on the Internet, they can easily be integrated into a botnet.

Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Story image
Radware launches DDoS protection for online gaming
“Online games are a massive, multi-billion-dollar industry, but they frequently fall victim to powerful and targeted DDoS attacks,"More
Story image
Cybersecurity market continues meteoric ascent - damages to reach $6 trillion
With the increase in cyberattacks, organisations are continuing to spend more money on security. However, without a focused cybersecurity strategy, they often spend it in the wrong areas.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Gartner names ThreatQuotient a representative vendor for SOAR
The company is listed in Gartner’s 2020 Market Guide for Security Orchestration, Automation and Response Solutions.More