Persirai is a new strain of Internet of Things malware that infects more than 1,250 models of security camera, all manufactured by an unnamed Chinese manufacturer that has sold at least 185,000 units worldwide.
The vulnerability the malware exploits was discovered and documented by Pierre Kim, an independent security researcher, who has located at least 185,000 vulnerable devices using the Shodan search engine. The cameras all try to tunnel out of their local firewalls by sending unencrypted data over UDP -- a cousin to TCP -- leaving them vulnerable to hijacking. Once compromised, the cameras can be used to direct devastating, unstoppable floods of traffic to bring down web sites, and can also be remotely monitored by voyeurs, burglars, and other malefactors.
The cameras are "overall badly designed with a lot of vulnerabilities" and are sold as "white-label" goods that other companies can brand and sell under a variety of model numbers (this is common with Internet-of-Shit devices, like the insecure PVRs used by criminals to monitor CCTVs in order to plan robberies).
Less than a month after Kim's report, the Persirai appeared on the scene, harnessing infected devices to serve as part of a denial-of-service botnet. Persirai alters infected devices to prevent them from being infected by competing strains of malware -- this may also offer some protection against the vigilante worms (like Brickerbot) that unknown parties have fielded to infect and permanently shut down vulnerability devices.
New IoT malware targets 100,000 IP cameras via known flaw
[Michael Kan/CSO Online]
Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in custom http server
[Pierre Kim/IT Security Research by Pierre]
In 2016, EFF sued the US Government on behalf of Andrew "bunnie" Huang and Matthew Green, both of whom wanted to engage in normal technological activities (auditing digital security, editing videos, etc) that put at risk from Section 1201 of the Digital Millennium Copyright Act.
Microsoft is no stranger to the use of "Fear, Uncertainty and Doubt" in the pursuit of monopolistic goals; the company perfected the tactic in the early 1990s as a way of scaring enterprise customers away from GNU/Linux; today, the company shows off its mastery of FUD in its filings to the Federal Trade Commission condemning […]
In 2002, Lexmark was one of the leading printer companies in the world. A division of IBM—the original tech giant—Lexmark was also a pioneer in the now-familiar practice of locking customers in to expensive "consumables," like the carbon powder that laser-printers fuse to paper to produce printouts.
Whether you’re using them for next-level selfies or steady tracking shots, gimbals are a must for anyone who wants to maximize the potential of these powerful smartphone cameras we’re all carrying around. But those smartphones are also supposed to be portable, and let’s face it: Gimbals tend to offset that advantage. Weighing in at just […]
It’s too hot for yard sales, but hey: The internet is here for you. Here are the top ten deals on some of the Boing Boing Store’s best gear, just in time for summer. It’s everything from grills to security cameras to MacBook Pros, and they might be as low as they’re ever going to […]
When it comes to getting stats and ideas across quickly, there’s still nothing like a good slide presentation. But the critical word here is “good” – not 20 slides all thrown together with the same stock PowerPoint template. Whether it’s a crucial pitch for a new business or a quarterly report, Slideshop can be a […]