145 607 cameras and video recorders attack website

I’ve previously written about DDoS-attacks, which briefly described is a bunch of “people” trying to get through one door, causing the door to get jammed. This has been popular among scriptkiddies and others wanting to cause harm for a while now, but it seems to be increasing in popularity. Recently the famous blog “Krebs on security” was attacked so severely that the pro-bono site that hosted his blog had to say “sorry Mac, we can keep these guys out but it takes all our processing to do so. We can’t do this for free over a length of time, it’s costing us tons of money.” Krebs himself was totally fine with that, thanking them for hosting him for so long anyway. (Constantin, 2016)

These attacks run from computers that have been infested. Your computer could be contributing to malicious activity without you even knowing. However it’s branched out now – IP cameras and digital video recorders are now attacking others on the internet. 145,607 hacked digital video recorders and IP cameras in fact, attacked the popular game “Minecraft”‘s servers this week. That’s right, your video recorder might be a bad guy. Take a look at the security of your gadgets right now, especially password protect them with something other than your kid’s name.

I love the Internet of Things just as much as the next person, but I am quite concerned about the security. We have probably all seen the famous picture of Mark Zucherberg in his office

 

.. with tape in front of the webcamera and his audioports. Even the FBI director covers his webcam, apparently because a guy smarter than him did so. Not bad idea that, listening to experts, I guess.

Shodan, a search engine for Internet of Things (IoT) has been around for quite a while (2009). Pop yourself a bucket of popcorn and sit comfortably in your couch, because recently they even added a direct section for widely open security cameras. Apparently, you can currently find marijuana plantations, kitchens, gardens, ski slopes and even swimming pools. This is what Shodan does: it finds wide-open IoT devices and lets you know about them. Most of these thousands and thousands of different devices were not meant to be open but the owner does not know it is. They have not done the proper setup. (Porup, 2016) You can get a free account and watch plenty or pay a little and watch even more.

The cameras use Real Time Streaming Protocol (RTSP, port 554) to share videos and have not set up a password(!). The search engine crawls the Internet looking for IP’s with open ports. If the open port doesn’t have a password or other authentication, and is streaming, the script will register it.

Ethical and moral codes aside, it really shows the pathetic state of IT security. We can view video sources and other things but what about hacking? Sure, hacking your smart coffee machine might not be so dangerous but other things can have larger implications. IoT is growing a lot, as you mention, and security researcher Scott Erven believes that this will in the future include more about public safety as IoT includes medical devices, automotive space and other critical infrastructure. (Porup, 2016)

The next generation of IoT is almost only dependent on the user’s creativity. It will be focused on cloud services. Standardizations of protocols are very important. For utilizing the networks, it’s better not to have tens or hundreds of different protocol settings to be met – focus on a few and do it well. Security is especially important and it’s better to focus a lot on a few secure protocols and their encryption than everyone re-inventing the wheel constantly. There is an alliance called Internet Protocol for Smart Objects (IPSO) which more than 60 member companies for technology, communications and energy companies working with IETF, IEEE and ITU to come to standardized solutions. (Gubbi et al., 2013, pp.1645-1660)

I am very fond of internet-enabled gadgets, but also have these worries about security. It will be exciting to see in the future..!

 

 

 

Bibliography

Constantin, Lucian (2016) “DDoS attacks got a power boost thanks to hundreds of thousands of insecure IoT devices” IDG News Service, Available from: https://www.csoonline.com/article/3124344/internet-of-things/armies-of-hacked-iot-devices-launch-unprecedented-ddos-attacks.html (Accessed 29.09.2016)

Gubbi, J., Buyya, R., Marusic, S. and Palaniswami, M. (2013) ‘Internet of Things (IoT): A vision, architectural elements, and future directions’, Future Generation Comput.Syst., 29 (7), Available from: https://arxiv.org/ftp/arxiv/papers/1207/1207.0203.pdf (Accessed: 27.04.2016). pp.1645-60.

Porup, J. M. (2016) “Internet of Things” security is hilariously broken and getting worse | Ars Technica [Online] Available from: http://arstechnica.com/security/2016/01/how-to-search-the-internet-of-things-for-photos-of-sleeping-babies/ (Accessed: 27.09.2016).

https://www.theguardian.com/technology/2016/jun/22/mark-zuckerberg-tape-webcam-microphone-facebook

Image source: Jeferrb, Pixabay, CC public domain licence. https://pixabay.com/photo-782707/