If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.
A web attack that hit a hosting company with one terabit of data is possibly the largest ever seen and it used a network of smart devices such as webcams.
I rest my case. We are going to hell in a handbasket.
I rest my case. We are going to hell in a handbasket.
actually most if not all domestic routers are known to have insecurities that can be exploited - the web cams, baby minders etc are possibly easier to exploit - eg one botnet utilised a particular badly implemented webcam - the usual entry point into these devices are hardcoded backdoors placed there supposedly to allow remote debugging of devices without requiring competence on the part of the users but sometimes left there by developers in rush to market. Such features just also happen to a convenient feature for security/police use - catch is that no manufacturer has any interest in supporting updates - for mobile phones + desktops there is some pressure to provide some security updates but note how short the lifetimes of such supported devices works to the advantage of certain manufacturers and against consumers.
actually most if not all domestic routers are known to have insecurities that can be exploited - the web cams, baby minders etc are possibly easier to exploit - eg one botnet utilised a particular badly implemented webcam - the usual entry point into these devices are hardcoded backdoors placed there supposedly to allow remote debugging of devices without requiring competence on the part of the users but sometimes left there by developers in rush to market. Such features just also happen to a convenient feature for security/police use - catch is that no manufacturer has any interest in supporting updates - for mobile phones + desktops there is some pressure to provide some security updates but note how short the lifetimes of such supported devices works to the advantage of certain manufacturers and against consumers.
very true - didn't intend to imply they were - routers merely have a different set of insecurities eg most even tho allowing password control can have this password reset by certain 'security' strings sent back to router - since most home routers are controlled by the local lan side and tend to use the default manufacturer's setting for the lan address then using the javascript that most users insist on leaving fully engaged it is possible to send these security strings back to the router, then follow up with the default password then alter the settings after which your router is 'owned' by the malware.
Web cams easier as they usually have a telnet interface still enabled (presumeably you have read the manual + disabled this ?) - there are a couple of home NAS servers that have public access files to which the user cannot turn access off - now all it takes is a scan of an IP address range looking for eg these NAS boxes or webcams then follow this up by a directed attack and your NAS box or webcam has now joined a botnet (+ if you do online banking probably installed a keylogger to any PCs it finds (esp MS devices as in past these were used by most and have many weaknesses)
for those who want some of the details before the onslaught of script kiddies starts see https://krebsonsecurity.com/2016/10/...irai-released/ - and yes for Anastasius it even mentions routers and web cams in the same sentence.
Comment