Carding
Professional
- Messages
- 2,871
- Reaction score
- 2,467
- Points
- 113
Not a week goes by without information security experts discovering a new batch of vulnerable IoT devices. It is "thanks to" the Internet of Things and its security problems that threats such as Mirai and powerful attacks, for which such malware is responsible, became possible.
This week, researchers have identified a number of problems at once: vulnerabilities were found in the DVR and surveillance cameras of the Chinese company Dahua, as well as in cameras from 354 other manufacturers that complete their gadgets with a "leaky" web server.
Dahua
A researcher known as Bashis noticed a problem in IP cameras and DVRs from Chinese manufacturer Dahua. He found that the devices store the web server settings in an accessible place for everyone. That is, anyone who knows the IP address of the device could access the configuration file, which contains data about all accounts. Note that you can easily find out the address and find similar devices, using at least the same Shoudan, writes xakep.ru
Bashis has posted a report on the issue, and also posted a proof-of-concept exploit on GitHub to automate attacks on Dahua devices. The company representatives rushed to contact the researcher and asked him to remove the exploit from free access, giving users the opportunity to safely update their devices. At the same time, the manufacturer released a new version of the firmware that eliminated the problem discovered by the researcher. Bashis went along with the company, so the PoC exploit was pulled from GitHub and will be re-published on April 7, 2020.
GoAhead
A more global problem was discovered by researcher Pierre Kim. Kim writes that over 1,200 IP camera models from 354 different manufacturers contain a dangerous vulnerability in the embedded web server. The researcher said that the problem lies in the very administrative interface of the Wireless IP Camera (P2P) WIFICAM devices, since OEMs use a custom and vulnerable version of the GoAhead web server, plus the firmware opens the possibility of an insecure connection to the backend. Moreover, more than 1200 camera models were built on the basis of the Wireless IP Camera (P2P) WIFICAM device.
According to the researcher, more than 185,000 vulnerable Wi-Fi cameras can be detected through Shodan, which are just waiting for someone to make them part of another botnet. The list of problem devices, which the researcher cites on the pages of his blog, includes cameras from well-known manufacturers such as 3Com, D-Link, Akai, Axis, Kogan, Logitech, Mediatech, Panasonic, Polaroid and Secam.
Initially, Kim believed the vulnerability was in Embedthis Software's GoAhead web server. However, the developers of Embedthis Software denied this theory, and the researcher admitted that GoAhead itself is not dangerous, its modifications created by Chinese manufacturers are dangerous.
Although Kim left the writing of a full-fledged proof-of-concept exploit for others, the detailed information about the problem published in his blog is enough for this. Due to the fact that there are a lot of vulnerable devices and manufacturers, the researcher did not try to contact each of them separately, instead, he publicly disclosed all the details of the problem, hoping to attract the attention of vendors. For users of vulnerable cameras, Kim recommends immediately disconnecting devices from the Internet.
This week, researchers have identified a number of problems at once: vulnerabilities were found in the DVR and surveillance cameras of the Chinese company Dahua, as well as in cameras from 354 other manufacturers that complete their gadgets with a "leaky" web server.
Dahua
A researcher known as Bashis noticed a problem in IP cameras and DVRs from Chinese manufacturer Dahua. He found that the devices store the web server settings in an accessible place for everyone. That is, anyone who knows the IP address of the device could access the configuration file, which contains data about all accounts. Note that you can easily find out the address and find similar devices, using at least the same Shoudan, writes xakep.ru
Bashis has posted a report on the issue, and also posted a proof-of-concept exploit on GitHub to automate attacks on Dahua devices. The company representatives rushed to contact the researcher and asked him to remove the exploit from free access, giving users the opportunity to safely update their devices. At the same time, the manufacturer released a new version of the firmware that eliminated the problem discovered by the researcher. Bashis went along with the company, so the PoC exploit was pulled from GitHub and will be re-published on April 7, 2020.
GoAhead
A more global problem was discovered by researcher Pierre Kim. Kim writes that over 1,200 IP camera models from 354 different manufacturers contain a dangerous vulnerability in the embedded web server. The researcher said that the problem lies in the very administrative interface of the Wireless IP Camera (P2P) WIFICAM devices, since OEMs use a custom and vulnerable version of the GoAhead web server, plus the firmware opens the possibility of an insecure connection to the backend. Moreover, more than 1200 camera models were built on the basis of the Wireless IP Camera (P2P) WIFICAM device.
According to the researcher, more than 185,000 vulnerable Wi-Fi cameras can be detected through Shodan, which are just waiting for someone to make them part of another botnet. The list of problem devices, which the researcher cites on the pages of his blog, includes cameras from well-known manufacturers such as 3Com, D-Link, Akai, Axis, Kogan, Logitech, Mediatech, Panasonic, Polaroid and Secam.
Initially, Kim believed the vulnerability was in Embedthis Software's GoAhead web server. However, the developers of Embedthis Software denied this theory, and the researcher admitted that GoAhead itself is not dangerous, its modifications created by Chinese manufacturers are dangerous.
Although Kim left the writing of a full-fledged proof-of-concept exploit for others, the detailed information about the problem published in his blog is enough for this. Due to the fact that there are a lot of vulnerable devices and manufacturers, the researcher did not try to contact each of them separately, instead, he publicly disclosed all the details of the problem, hoping to attract the attention of vendors. For users of vulnerable cameras, Kim recommends immediately disconnecting devices from the Internet.