It was cameras that killed the Internet last week

Oct 24, 2016

John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter – and occasional beta tester – of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

It was cameras that killed the Internet last week

Oct 24, 2016

John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter – and occasional beta tester – of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Join the Discussion

Share on:

security

Chinese electronics component manufacturer Hangzhou Xiongmai Technology (Xiongmai) has said that its products inadvertently played a roll in Friday’s massive cyber attack that disrupted major internet sites including Twitter, Spotify and PayPal throughout the USA and other parts of the world on Friday.

Xiongmai are a vendor of Internet-connected cameras and DVRs. The company admitted that security vulnerabilities involving weak and unchanged passwords were partly to blame for the attacks. According to security researchers, an Internet of Things (IoT) bot called Mirai is responsible. It’s estimated that Mirai infects over 500,000 devices, and around 10% of these were used in Friday’s DDoS attack.

The Guardian reports that Friday’s cyber attack has alarmed security experts around the world because it presents a new type of threat. What makes it unique is that it’s based around the vast distribution of  seemingly innocuous devices like webcams. Because such devices are considered to be mostly harmless, the security surrounding them is often quite weak. The Xiognmai products being recalled are all webcam models.

It’s not uncommon to leave IoT devices at their defaults. I’ve got a few here that are still on their default settings, purely because they’re only used on a local network, and not the actual Internet. For many users, though, they don’t even know there are remote login passwords for their devices, or that they need to be changed at all. What’s even worse is that some devices don’t even allow you to easily change it.

That is the issue with these webcams. There’s no way for users to change the password. Zach Wikholm of security firm Flashpoint, told journalist Brian Krebs, “The password is hardcoded into the firmware, and the tools necessary to disable it are not present. Even worse, the web interface is not aware that these credentials even exist”.

The good news is that with these particular webcams, the malware can be disabled by simply rebooting the device. The bad news is, it’s already out there on so many devices already, that your machine would be reinfected within about five minutes.

With the multitude of potentially exploitable devices in our lives today, which can include devices such as DSLR remotes, it’s only going to get worse as time goes on. At least, it is if IoT vendors don’t start seriously upping their security game.

Has this made you start taking a more serious look at the random devices you own? Has it put you off purchasing IoT devices? What about those Smart TVs and Android based media centres? Who really knows what’s vulnerable? Is it too late to put the genie back in the bottle? Or can we get ahead and take control of this? Let us know your thoughts int he comments.

[via Gizmodo / PCWorld / Guardian ]

Filed Under:

Tagged With:

Find this interesting? Share it with your friends!

John Aldred

John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter – and occasional beta tester – of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Join the Discussion

DIYP Comment Policy
Be nice, be on-topic, no personal information or flames.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 responses to “It was cameras that killed the Internet last week”

  1. dracphelan Avatar
    dracphelan

    I have friends who work information security. They’ve been warning people about the “internet of things” security issues. I’m very careful about what devices can connect to the internet in my home.

  2. bartom Avatar
    bartom

    what brands do they sell?

  3. suruha Avatar
    suruha

    One would know it if they had any IoT products, wouldn’t they? The only things I can think of are my modem for my internet/pc (rented from my provider) and my snap-and-shoot camera. I only download my pix with the card, I don’t hook the camera up.
    Is there some place I could find out if I have any of these IoT things? LOL I sound naive because I AM! LOL
    I would appreciate any help.
    Thank you!
    Su