CCTV Camera Hardware Exploited by Hackers
The internet has connected every computer, smart device, and IoT equipment on the globe. No offence, but this has triggered the chances of hacking and hijacking our personal and professional computers, smart wearables, and even CCTV cameras and data storage. Hackers called out numerous zero-day exploits in security cameras that were manufactured by LILIN, a Taiwanese company.
Reportedly, hackers responsible for FBot, Chalubo, and Moobot — all those famous botnet attacks found vulnerabilities in the DVRs manufactured by LILIN. And, attacks began to strike the security cameras’ DVRs. No doubt, it has exposed personal and professional lives to hackers, and they might have stolen security information, according to CCTV repair experts.
When did it all Begin?
The manufacturer of IP video solutions, LILIN, was unaware of such serious attacks for months. After proper research, the issue came under the limelight. The company discovered that the camera DVRs had bugs on 19 January. Whereas all these attacks started taking place from last year’s August 30.
However, it took more time to cover up all the vulnerabilities that all those bugs caused. The affected company released security patches on February 14. Yet, the company disclosed the entire attack news through Qihoo 360 Netlab’s professional team on the coming Friday. The solution to this problematic bug was a firmware update, and the professional applied the solution on 11 DVR and IP cameras manufactured by LILIN.
The severity of the Cyberattack
Detecting the vulnerabilities and finding the way out to fix all the bugs were never easy. The experts of Netlab described the botnet attack on IP cameras’ DVRs as tricky and mastermind. The technical flaw of the attack can be categorised into three different segments. They are as follows:
- Hard-coded login credentials
- /z/zbin/net_html.cgi arbitrary file-reading vulnerabilities
- /z/zbin/dvr_box command-injection vulnerabilities
In addition to these, the web services offered by /z/zbin/dvr_box and the web interfaces associated with it have a vulnerability of command-injection type. Those web interfaces were /dvr/cmd and /cn/cmd. The experts’ team also declared that there had been three injected parameters, namely — NTP, NTPUpdate, and FTP.
This is not the end. Researchers found that the attacks have been triggered by different botnets. The researchers got to know about the traces of Chalubo bots in August. This botnet is popular for attacking weakly secure IoT devices, such as IP security cameras. Additionally, Fbot is a Satori-associated botnet that hackers use to propagate utilising blockchain DNS technology.
And, the last one, Moobot is a newcomer in the botnet family. Derived from the Mirai botnet, Moobot caused the CCTV disaster in the same way. However, the researchers from Netlab didn’t elaborate on how the botnets led to the malfunction of those CCTV cameras and their DVRs. The distributed denial-of-service was a massive attack through LILIN IP cameras and IP cameras.
The Solution to the Mass CCTV Camera Exploit
As you have already noticed, the solution was firmware to fix the bugs that the security cameras have encountered. The firmware patch can be only deployed by the owners. The manufacturer of the security cameras can’t push the deployment of the firmware. As it’s quite uncertain whether all the security cameras and their components will receive the firmware patch update at the same time. Additionally, it takes a bit of time to release all the major security updates for the manufacturer or the service vendor.
On the other hand, deploying a firmware update on IoT devices can be problematic, especially for those which are currently in use. When it comes to LILIN DVR vulnerabilities, there’s one that is associated with the NTPDate computer program of the DRV. This specific program, namely NTPDate, is responsible for syncing the date and time of a computer by an NTP server query.
The vulnerability of the LILIN software was that it didn’t have any filtration procedure to check out ValidateHostName fields. Consequently, the devices failed to see what was coming and fell into the trap.
It was quite easy for those hackers to target all those security cameras with a command injection attack. Well, the security aspects of LILIN were too weak to handle the attack. Similar attacks took place due to the vulnerabilities present in the FTP settings of the software. It can allow remote access to the /dvr/cmd interface. And, this happened due to the hard-coded account passwords. The command-line interpreter can infiltrate the system and make the software act according to the hackers’ preference.
In addition to this, the file reading component of the bug can fetch the device configuration and even get access to the password. The injection of these commands can occur by rectifying the server field of the NTP or FTP parameters. These are present in the /zconf/service.xml file. However, the latest security patch named 2.0b60_20200207 fixes the bug issues with the LILIN IP cameras and DVRs.
How to Avoid DDoS Attacks on Security Cameras?
When it comes to security cameras, the main problem with them is that you can’t sneak into them like the way you do it with your computers. However, this doesn’t mean that you can’t secure your CCTV cameras from unexpected DDoS attacks. According to CCTV repair professionals, hackers have been targeting IoT devices, especially CCTV cameras, for their vulnerabilities towards security aspects.
To begin with, always remember to change the default password of your security cameras. Assign a critical password that would be hard to guess for hackers. It will be far better if you can manage to update the password of the security camera.
In addition to this, make sure that your security cameras contain the latest firmware updates. In case you fail to install the modern firmware update, it can become prone to sudden DDoS attacks.
If you rely upon CCTV cameras for your business or residential property, then you should be more selective while deciding on the best security cameras. Go for those camera brands that provide optimum security options. Botnets are growing powerful and a moment of carelessness can drive your efforts to data breaches and other security vulnerabilities. Play safe and be extra alert when it comes to IoT devices.