Persirai malware has infected 120,000 Chinese-made IP cams
IT IS A WEDNESDAY, so it will come as no surprise that there’s a new Internet of Things (IoT) threat doing the rounds. Trend Micro has uncovered this latest threat, dubbed Persirai, which has reportedly been infecting Chinese-made wireless cameras for around a month now. The Mirai-like threat [1], which is said to have infected 120,000 IP cameras so far, exploits flaws in the cameras that a security researcher reported back in March, Trend Micro claims [2].
What’s more, owners of affected cameras are unlikely to know that they have been affected, which the security firm says “makes it significantly easier for the perpetrators behind the malware to gain access to the IP Camera web interface via TCP Port 81.”
“IP cameras typically use Universal Plug and Play (UPnP), which are network protocols that allow devices to open a port on the router and act like a server, making them highly visible targets for IoT malware,” the researchers explained.
Once a hacker logs into the interface, he or she can then carry out a command injection to force the IP camera to connect to a download site to issue commands that download and execute malicious shell scripts. After the samples are downloaded, the Persirai malware deletes itself and runs only in memory.
“After receiving commands from the server, the IP Camera will then start automatically attacking other IP Cameras by exploiting a zero-day vulnerability that was made public a few months ago,” Trend Micro notes.
“Attackers exploiting this vulnerability will be able to get the password file from the user, providing them the means to do command injections regardless of password strength.”
Trend Micro warns that owners of a Chinese-made wireless camera should be on guard and should make sure that they are not using the default password. However, the real problem is the maker of these cameras, the security firm adds.
“The burden of IoT security does not rest on the user alone; it’s also dependent on the vendors themselves, as they should be the ones responsible for making sure that their devices are secure and always updated,” Trend Micro concludes.
[1] Mirai: Windows Trojan helps hackers infect Linux-based devices with IoT malware (www.theinquirer.net)
[2] Trend Micro (blog.trendmicro.com)
[3] BrickerBot: Mirai-like malware threatens to brick insecure IoT devices (www.theinquirer.net)
An OAP security guard was savagely beaten and left for dead after he challenged an intruder inside a factory. The 73-year-old was left alone with serious head injuries for six hours until a colleague found him and raised the alarm.
The site was sealed off by officers while forensic enquiries took place.
This was a sustained and violent attack on an elderly man.
We believe he challenged a man found inside the premises which led to the unprovoked attack taking place.
The attacker then left the factory and the injured man was not discovered until five hours later.
Enquiries are continuing and we are studying CCTV and carrying out forensic investigations at the scene.
We are still trying to establish what the man was doing inside the premises and what, if anything, was stolen. Witnesses or anyone with information should call police on 101 or Crimestoppers, in confidence, on 0800 555 111.
Several tech giants have said they are examining a trove of documents leaked earlier this week that purport to show the CIA’s ability to hack into phones, computers, and smart TVs. The documents, released by WikiLeaks [1], did not contain exploit code that could be used by hackers to carry out attacks, but the documents do provide details of vulnerabilities that may help security researchers identify some flaws in tech products, including Android devices and iPhones. Apple, Google, Microsoft, and Samsung were all named in the thousands of released documents, which are believed to have come from the CIA’s Center for Cyber Intelligence. The CIA has so far not commented directly on the authenticity of the leak, but on Wednesday it suggested that the release had damaged national security by helping its adversaries “with tools and information to do us harm.”
WikiLeaks founder Julian Assange said in a Thursday press conference that he will give the tech companies “exclusive access” [2] to some of the technical details it has of the CIA’s hacking tools, as part of an effort to expedite the security patching process. So far, however, there has been no evidence of files being shared with tech companies. Apple said in a statement [3] that it will “rapidly address any identified vulnerabilities” it finds in its Macs or iPhone software. Google, too, said it will [4] “implement any further necessary protections” and that its analysis is ongoing.
Microsoft said it was “looking into” the reports, but didn’t comment further. But security experts say that many of the vulnerabilities have already been patched. Jon Sawyer, an Android security researcher, said that most of the Android bugs listed have been already patched.
“The list seems to be limited to Android 2.2 to 4.4.4 — we are on Android 7.1.1 now,” said Sawyer. He said that many of the bugs related to legacy versions of Android and older devices. “Vague descriptions of bugs is no more worrisome than the fact they know any software has unknown vulnerabilities,” he said, adding that Google was “in no worse position than they were a week ago.”
An analysis by F-Secure showed that the majority of Android users are still using Android 4.4 [5]. Google’s own statistics show that the software version is third [6] behind Android 5 and Android 6. Will Strafach, an iOS security researcher, said that “essentially, there is nothing” in the documents that points to working vulnerabilities in iOS 10 and later. Almost 80 percent of users are currently on a version of iOS 10, says Apple [7]. Strafach said the Samsung smart TV vulnerability, which required an older firmware version and physical access to the device, had also been fixed. In a brief statement, a Samsung spokesperson said the company was “urgently looking into the matter.”
Linux, the open-source operating system, was also listed in the cache of documents. “Linux is a very widely used operating system, with a huge installed base all around the world, so it is not surprising that state agencies from many countries would target Linux along with the many closed source platforms that they have sought to compromise,” said Nicko van Someren, chief technology officer at The Linux Foundation, speaking to BBC News [8]. He emphasized that the rapid release of security patches “enable the open source community to fix vulnerabilities and release those fixes to users faster.” But the status of other products isn’t fully known.
In the cache, close to two dozen antivirus products, including Kaspersky, Symantec, and Avast, were listed as having vulnerabilities that were exploitable by the CIA. According to the Associated Press [9], the CIA used unflattering terms to deride antivirus makers, many of which the agency exploited through vulnerabilities in their software. In one case, a flaw in Kaspersky antivirus allowed the CIA to “bypass Kaspersky’s protections,” but founder Eugene Kaspersky told an AP reporter that the vulnerability was fixed “years ago.”
Avira, another antivirus maker, said it fixed a “minor vulnerability” within hours of the documents’ release. Cindy Cohn, director of the Electronic Frontier Foundation, said the CIA had “failed to accurately assess the risk of not disclosing vulnerabilities.” “Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans,” she said.
WikiLeaks said so far it has released only a fraction of what it says it obtained, and that more files will be released in the coming days and weeks.
[1] released by WikiLeaks (www.zdnet.com)
[2] give the tech companies “exclusive access” (www.zdnet.com)
[3] in a statement (www.zdnet.com)
[4] said it will (www.zdnet.com)
[5] still using Android 4.4 (labsblog.f-secure.com)
[6] the software version is third (developer.android.com)
[7] says Apple (developer.apple.com)
[8] speaking to BBC News (www.bbc.com)
[9] to the Associated Press (hosted.ap.org)