Persirai is a new strain of Internet of Things malware that infects more than 1,250 models of security camera, all manufactured by an unnamed Chinese manufacturer that has sold at least 185,000 units worldwide.
The vulnerability the malware exploits was discovered and documented by Pierre Kim, an independent security researcher, who has located at least 185,000 vulnerable devices using the Shodan search engine. The cameras all try to tunnel out of their local firewalls by sending unencrypted data over UDP -- a cousin to TCP -- leaving them vulnerable to hijacking. Once compromised, the cameras can be used to direct devastating, unstoppable floods of traffic to bring down web sites, and can also be remotely monitored by voyeurs, burglars, and other malefactors.
The cameras are "overall badly designed with a lot of vulnerabilities" and are sold as "white-label" goods that other companies can brand and sell under a variety of model numbers (this is common with Internet-of-Shit devices, like the insecure PVRs used by criminals to monitor CCTVs in order to plan robberies).
Less than a month after Kim's report, the Persirai appeared on the scene, harnessing infected devices to serve as part of a denial-of-service botnet. Persirai alters infected devices to prevent them from being infected by competing strains of malware -- this may also offer some protection against the vigilante worms (like Brickerbot) that unknown parties have fielded to infect and permanently shut down vulnerability devices.
New IoT malware targets 100,000 IP cameras via known flaw
[Michael Kan/CSO Online]
Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in custom http server
[Pierre Kim/IT Security Research by Pierre]
Abbott Labs makes a continuous glucose monitor -- used by people with diabetes to monitor their blood-sugar levels -- called (ironically, as you'll see below) the Freestyle Libre.
"Activation Lock" is a tool that uses Apple's trusted computing hardware to render systems inoperable if you don't have a login/password; nominally, this is used for theft-deterrence, but when Apple product owners fail to disable Activation Lock when they dispose of their equipment, it becomes effectively impossible to refurbish or repair, dooming it to become […]
How can a single, ill-conceived law wreak havoc in so many ways? It prevents you from making remix videos. It blocks computer security research. It keeps those with print disabilities from reading ebooks. It makes it illegal to repair people's cars. It makes it harder to compete with tech companies by designing interoperable products. It's even been used […]
If one of your New Year’s resolutions is to travel more, you owe it to yourself to learn the language of the place you’re visiting. If you’re not sure where to start, give these resources a look. From mobile apps to online courses, these products can get you conversant in a new language before you […]
Anyone who loves biking, skiing, or snowboarding in the great outdoors knows just how difficult it can be to safely transport your gear—especially during extended trips. These three accessories make it easier than ever to securely attach your gear to your car. So if you’re planning to embark on a outdoor adventure soon, you’d be […]
It seems like AI is everywhere these days, from the voice recognition software in our personal assistants to the ads that pop up seemingly at just the right time. But believe it or not, the field is still in its infancy. That means there’s no better time to get in on the ground floor. The […]