Week 2. Do you feel safe with security cameras?

When you feel unsafe in your house, the first thing that probably comes to your mind is to setup security system.  Or maybe you have kids and want to setup one or two cameras to watch over them.  I am sure doing that will bring you some level of comfort.  Other than the emotional comfort do you really think you are safer?  Yes, of course! I felt the same way.  In fact, I purchased several cameras myself.  Until today, when I came across an article, New Persirai IoT Botnet Emerges by Ionut Arghire, that was posted on May 9, 2017.  Arghire reported that thousands of internet protocol (IP) base security cameras from different manufacturers are vulnerable to the new internet of things (IoT) malware called Dubbed Persirai (Arghire, May 9, 2017).  Persirai is a malware that was built on top of Mirai, another malware that gained its popularity in late 2016.  Beside Persirai and Mirai, there are two other botnets called DvrHelper and TheMoon which are mentioned in the article Thousands of IP Cameras Hijacked by Persirai, Other IoT Botnets, by Eduard Kovacs in June 2017.

TheMoon, an internet worm, attacked about two dozens of routers in around 2013 and early 2014.  The worm first obtains basic information about the routers by using discovery. It then loads an exploit into the server through vulnerable CGI script that ran on the routers. Once getting in, the exploit started to infect the routers and spread to others. Mirai was another malware that gone wild in late 2016.  The Mirai used Distributed Denial of Service (DDOS) aiming at Telnet and Web servers.   Later on, the Mirai successor, DvrHelper was born with additional features to get around the security that restrained Mirai (Hassan, June 2017).  The Persirai, on another hand, used the Simple Service Discovery Protocol (SSDP) to spread the infection across the network.  SSDP is an underlying protocol used by the Universal Plug and Play (UPnP).  The UPnP is a discovery protocol available in many devices that are intended for a computer system.

When purchasing some of the security cameras, I read some of the reviews as I normally do.  There are several reviews claimed the sellers hack into their camera at night.   Did the sellers really do that?  After all be careful when you purchase one of those cameras.


References:
Arghire I. (May 9, 2017). New Persirai IoT Botnet Emerges.  Retrieved from http://www.securityweek.com/new-persirai-iot-botnet-emerges.

Kovacs E. (June 9, 2017). Thousands of IP Cameras Hijacked by Persirai, Other IoT Botnets.  Retrieved from http://www.securityweek.com/thousands-ip-cameras-hijacked-persirai-other-iot-botnets.

Prince B. (February 17, 2014). Linksys Router Worm Spreading. Retrieved from http://www.securityweek.com/linksys-router-worm-spreading.

Hassan J. (June 10, 2017). Persirai malware in action: IP cameras all across the world compromised.  Retrieved from https://www.hackread.com/persirai-malware-ip-cameras-compromised.

Comments

Post a Comment

Popular posts from this blog

Week 4 - STRIDE: Spoofing

Image
On week one, I briefly mentioned STRIDE as a method for threat identification. From this week, I want to go into a little more detail on each of its Mnemonic.  First, let's talk a little more about STRIDE.  In security , there are three fundamental aspects of the asset when speaking of security.  They are Confidentiality, Integrity, and Availability, which are referred to as the CIA triad.  To protect the asset means to protect its confidentiality, integrity, and availability.  STRIDE provides six ways to identify threats that would target the three areas. Spoofing: pretend to be someone or something that has legitimate permission to access the asset.  It is one of the ways to break the confidentiality . Tampering: ways to change the integrity of the asset. Repudiation: ways to obtain proves of violation Information Disclosure: access restricted information without permission (confidentiality) Denial of Service: ca...
Read more

Week 12 - The Final Words

Finally, I get to take a week of break.   This is the busiest Term so far.   Lots of demands from work plus things keep breaking at home made it tough.   I am glad it over.   With that said, I learned much from this class. In the first four weeks, I got to understand the threat modeling process and different threat modeling tools.   In a nutshell , threat modeling is about understanding your current state of the network; find all vulnerabilities, threats, and risks; formulate action plan and priority.   The process is carried out in a systematic way .   Initially, I thought the threat modeling is a process for finding the threats.   The name sounds small, but it also covers asset identification and action planning, as I realized after the comment on my assignment.  I spent the following weeks working on a security project where I apply the threat modeling process.   The first phase in threat modeling is the asset assessmen...
Read more

Week 7 - STRIDE: Repudiation

Image
In 2000, couple individuals at Signal Lake were sued for $25 million by a man named Suni Munshani.   He alleged that Signal Lake’s officers promised him a large amount of asset.     Munshani provided an email that purportedly sent from the dependents as the proof for his allegation.   The court ordered security professional to investigate and concluded that the plaintiff altered one of the emails the dependent sent to him.   Although this does not relate to repudiation, it brings an important aspect of non-repudiation.   (memecrunch.com) Repudiation, in short, is the denial of any wrongdoing , which is the very first thing anyone would do when they get caught doing something illegal.   Professional hackers learn to cover their track very well.   Likewise, security professionals learn to track.   For the email tampering case I mentioned, the defendant would not win the lawsuit if old emails weren’t available for invest...
Read more