$30 webcam spun into persistent network backdoor


Bring on the Internet of dangerously hacked things. Vectra Networks security wonks have spun a cheap webcam into a backdoor to persistently p0wn PCs.

The junk hacking expedition led Vectra’s chief security chap Gunter Ollmann into the internals of the D-Link DCS-930L, a network camera that can be had for US$30.

The attacks are useful as an alternative backdoor for targeted attackers who already have access to a machine, or for those capable of compromising a device before it is installed by the user.


It is not something users should expect to surface in the wild and is rather an example of the risks posed by internet-of-things devices.

Ollmann dumped and reflashed the camera’s firmware so that it opened a remote backdoor that was difficult to detect and did not affect the camera’s normal operation.

The firmware update feature was also removed, so a later vendor patch could not overwrite the backdoor.

“The irony in this particular scenario is that WiFi cameras are typically deployed to enhance an organisation’s physical security, yet they can easily become a network security vulnerability by allowing attackers to enter and steal information without detection,” Ollmann says.

“Consumer-grade internet-of-things products can be easily manipulated by an attacker, used to steal an organisation’s private information, and go undetected by traditional security solutions.

“While many of these devices are low-value in terms of hard costs, they can affect the security and integrity of the network, and teams need to keep an eye on them to reveal any signs of malicious behaviour.”

D-Link has not fixed the vulnerability, and the researchers do not expect a patch to be forthcoming: a fix would require a Trusted Platform Module or similar specialised chip to verify the authenticity of software updates before they are applied.

The hardware analysis, complete with a Leatherman-sliced hand, is available for engineers’ viewing pleasure.

Source: http://www.theregister.co.uk/
