Persirai is a new strain of Internet of Things malware that infects more than 1,250 models of security camera, all manufactured by an unnamed Chinese manufacturer that has sold at least 185,000 units worldwide.
The vulnerability the malware exploits was discovered and documented by Pierre Kim, an independent security researcher, who has located at least 185,000 vulnerable devices using the Shodan search engine. The cameras all try to tunnel out of their local firewalls by sending unencrypted data over UDP -- a cousin to TCP -- leaving them vulnerable to hijacking. Once compromised, the cameras can be used to direct devastating, unstoppable floods of traffic to bring down web sites, and can also be remotely monitored by voyeurs, burglars, and other malefactors.
The cameras are "overall badly designed with a lot of vulnerabilities" and are sold as "white-label" goods that other companies can brand and sell under a variety of model numbers (this is common with Internet-of-Shit devices, like the insecure PVRs used by criminals to monitor CCTVs in order to plan robberies).
Less than a month after Kim's report, the Persirai appeared on the scene, harnessing infected devices to serve as part of a denial-of-service botnet. Persirai alters infected devices to prevent them from being infected by competing strains of malware -- this may also offer some protection against the vigilante worms (like Brickerbot) that unknown parties have fielded to infect and permanently shut down vulnerability devices.
New IoT malware targets 100,000 IP cameras via known flaw
[Michael Kan/CSO Online]
Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in custom http server
[Pierre Kim/IT Security Research by Pierre]
Your car is basically a smartphone with wheels, and it gathers up to 25gb/hour worth of data on you and your driving habits -- everything from where you're going to how much you weigh. Cars gather your financial data, data on the number of kids in the back seat, and, once they're connected to your […]
Writing in Wired, Zeynep Tufekci (previously) echoes something I've been saying for years: that the use of Digital Rights Management technologies, along with other systems of control like Terms of Service, are effectively ending the right of individuals to own private property (in the sense of exercising "sole and despotic dominion" over something), and instead […]
This week, we learned that the notorious Israeli cyber-arms-dealer NSO Group had figured out how hijack your Iphone or Android phone by placing a simple Whatsapp call, an attack that would work even if you don't answer the call.
If you’re into tools or gadgets, Memorial Day weekend is your Christmas. Take an extra 15% off the final price of these DIY accessories – all of which are already on sale – by entering the promo code WEEKEND15. LUXJET Universal 24-in-1 Magnetic Screwdriver Set & Repair Kit This small but sturdy kit won the […]
If you can build a cloud infrastructure, you can build a business. Companies are overwhelmingly turning to cloud computing to set up or bolster their network, and it’s easy to see why. It allows on-demand access to processing power, a la carte services, and nearly unlimited storage, all without adding extra systems and the maintenance […]
Does your gaming setup need an upgrade? No need to wait for Christmas. We’ve rounded up the latest tech accessories for your favorite video game platforms. All of them are already sale priced, but you can knock an additional 15% off the final price for Memorial Day by using the online code WEEKEND15. Audeze Mobius […]