For surveillance, Video Cameras are used with DVRs for recording the video footage for later viewing. These devices are connected to Internet for viewing the live/recorded videos from remote locations.
From our recent analysis it is found that, these devices are used as BOTs. These devices continuously scan the hosts in the Network. If any open ports are found then penetration starts from another BOT.
When we monitored the repeated unauthorized access attempts to our servers and traced back the IPs, 70% of ip addresses are assigned to DVRs, and others are to ADSL modems may be from the PCS behind the ADSL NAT.
Some of these devices belongs to innocent user and are unprotected (ie) with default user name/password and exposed to Internet. Hackers can easily take control of these devices and use them as BOT to mount attack on their preferred targets.
Most of the devices are well protected to prevent incoming connection from Internet. Even then, attack originates from them leaving a strong suspicion, that the firmware of these devices are exploited to use them as BOT.
Communication devices need a thorough verification of Firmware. The Communication Hardware and Software have to separated. Some Open Standards are needed for the firmware of communication equipment.
No comments:
Post a Comment