1 min read

Remote ownage of 100k+ Camera and Gateway devices demonstrated at Defcon

Bogdan BOTEZATU

August 02, 2017

Remote ownage of 100k+ Camera and Gateway devices demonstrated at Defcon

It’s now anno domini 2017 and the number of Internet-connected devices surpass the living population by an order of magnitude. And while most of these devices help us reinvent the way we interact with our homes, our offices or with our own bodies, some “smart things” can lend hackers a helping hand in digital burglary.

This is the case with over 120,000 internet-connected security cameras manufactured by Shenzhen Neo Electronics, whose firmware contains a massive security flaw that renders them remotely exploitable. A bug in the authentication mechanism allows a remote attacker to completely take control and run commands on the vulnerable devices and turn them into a zombie army ready to trigger the next Mirai or to become tools of mass surveillance in users’ homes.

Our own Chief Security Researcher Alex “Jay” Balan got on the Defcon IoT stage with a live demo of the exploitation. And while we’re eagerly waiting for the video, his presentation ([download id=”0″]) and the technical whitepaper documenting the findings are ready for download.

tags


Author



Right now

Top posts

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign

How We Tracked a Threat Group Running an Active Cryptojacking Campaign

July 14, 2021

10 min read
A Note from the Bitdefender Labs Team on Ransomware and Decryptors

A Note from the Bitdefender Labs Team on Ransomware and Decryptors

May 26, 2021

2 min read
New Nebulae Backdoor Linked with the NAIKON Group

New Nebulae Backdoor Linked with the NAIKON Group

April 28, 2021

1 min read
Good riddance, GandCrab! We’re still fixing the mess you left behind.

Good riddance, GandCrab! We’re still fixing the mess you left behind.

June 17, 2019

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Golang Bot Starts Targeting WordPress Websites Golang Bot Starts Targeting WordPress Websites
Silvia PRIPOAESilviu STAHIE
3 min read
Darkside Ransomware Decryption Tool Darkside Ransomware Decryption Tool
Bitdefender

January 11, 2021

2 min read
Towards a Universal Security Solution against Bluetooth Low Energy Attacks Towards a Universal Security Solution against Bluetooth Low Energy Attacks
Bitdefender

July 13, 2020

1 min read