Compromised webcams and devices in Asia » Manila Bulletin Technology

0
96


Published

By Wilson Chua

One can never be too paranoid. You remember that webcam you installed at home and in your office? Chances are someone else is watching it. This after John tipped me to how easy it is. It is impressive and alarming at the same time.

Cyber criminals can detect your exposed webcams. They can connect to it. They access and use your very own webcam to find out when and where to ‘hit’ you. They use it to ‘case’ your properties. Cyber spies make use of these open webcams. Hackers can also use it as a base to launch distributed denial of service attacks.

Using an online tool, John was able to identify a large number of vulnerable webcams installed in Asia. Indonesia has the most number of vulnerable webcams in Asia.  You can see from the chart below:

For the Philippines, Makati seems to have the most number of vulnerable CCTVs that are accessible online. I am hoping none of these exposed webcams are installed in sensitive national agencies.

chart2

It gets worse. Using the same technics that John shared, I found other vulnerable devices. All major carriers are “guilty”. They did not change the default passwords when they deployed these devices. This means hackers can easily gain access and take over these devices. It is extremely bad. Take the case of these 333 devices with the default username: cisco and password of cisco.

Sample output:

“Cisco Router and Security Device Manager (SDM) is installed on this device.

This feature requires the one-time use of the username “cisco”

with the password “cisco”. The default username and password have a privilege l”

graph3

 

I do hope that these are ‘false positives’.  I hope these vulnerabilities are actually intentionally left there as part of a security strategy.

Maybe it is a honeypot?

As Nicasio Pereze Lim Aquino puts it: “If I am going to set up a honeypot, that would be my first step.”

A honeypot is a device that looks ‘vulnerable’ to attack in the hopes that hackers actually connect to it. Honeypot activities are used by security professionals to learn more about attack patterns and their sources.

What you can do?

Browse https://iotscanner.bullguard.com and see if you have vulnerable devices in your network. You should ask your ISPs or network administrators to change the passwords for you.  Do this now.

For system administrators, you might want to block these IPs:
93.120.27.62

85.25.43.94

85.25.103.50

82.221.105.7

82.221.105.6

71.6.167.142

71.6.165.200

71.6.135.131

66.240.236.119

66.240.192.138

198.20.99.130

198.20.70.114

198.20.69.98

198.20.69.74

188.138.9.50.

My thanks to John for sharing this. John Patrick Lita is currently the VAPT manager at Cyber Security Philippines – CERT. He is also Chapter President at OWASP PH. His article is part of research efforts  for CSPCERT.

Here is John’s webcam expose research.

Tags: , , , ,



All Credit Goes There : Source link

Comments

comments