Story image

Security cameras – a latent botnet network?

A consumer rights testing service has found that unprotected IoT cameras are one of the major problems in IT security and yet are more widespread than they should be.

In 2016, a Linux-based botnet called Mirai was used to facilitate the largest distributed denial-of-service (DDoS) attack in history using unsecured IoT devices.

The researchers found that in a comparison of 16 indoor and outdoor IP surveillance cameras, only one device was sufficiently well-protected.

Of the other 15 cameras, 10 were rated “satisfying”, 2 as “sufficient” and 3 as “poorly” on the subject of security.

The researchers also rated the integration of the smartphone apps for controlling the cameras in ten cameras as critical to very critical.

Some of the tested devices failed because they used trivial access data, such as "admin" as username or password.

In addition, they left unnecessary ports open.

Also critical was the fact that some apps did not ask users to change their access data when they registered.

And with one camera, the researchers were concerned about the fact that it transmitted the login data unencrypted.

All in all, there are weaknesses at almost all relevant spots, which in turn reinforces the demand that IoT equipment should generally become safer.

IoT devices need more focus on security

However, the devices did not only differ considerably in terms of safety but also in terms of ease of use.

This concerns, for example, the type of data storage - and only two of the tested cameras could be used without any cables.

A few years ago, thousands of smart devices operating under the control of criminals paralysed several major Internet services.

Cameras were also affected to a large extent.

With thousands of hacked cameras, criminals are able to heavily support DDoS attacks and order them to infect neighbouring devices on the same network.

However, it is important to note that the question of the hazard level of smarthome cameras depends largely on the router settings used.

If poorly secured IP cameras can be found openly on the Internet, they can easily be integrated into a botnet.

How Adobe aims to drive digital transformation for financial services
Digital transformation is a requirement for ongoing competitiveness that clearly helps businesses run more efficiently.
Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Microsoft NZ bids Goldie a “fond farewell”
Microsoft New Zealand director of commercial and partner business takes new role across the Tasman. The search for his replacement has begun.
Google says ‘circular economy’ needed for data centres
Google's Sustainability Officer believes major changes are critical in data centres to emulate the cyclical life of nature.
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.