Hacked: Hacking Finance

Is Your Webcam A Backdoor?

Introduction

Justin OConnell

Justin OConnell

Justin O'Connell is the founder of financial technology focused CryptographicAsset.com. Justin organized the launch of the largest Bitcoin ATM hardware and software provider in the world at the historical Hotel del Coronado in southern California. His works appear in the U.S.'s third largest weekly, the San Diego Reader, VICE and elsewhere.


LATEST POSTS

ICO Analysis: Agrello Self-Aware Contracts 14th July, 2017

ICO Analysis: Everex Capital Transfer System 11th July, 2017

Cybersecurity

Is Your Webcam A Backdoor?

Posted on .
This article was posted on Wednesday, 14:32, UTC.

While stories appear every day regarding the vulnerabilities of smart fridges and TVs, IoT technologies like webcams represent a far more desirable target for hackers.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Vectra Threat Labs, a research arm of Vectra Networks, detailed today how consumer-grade Internet of Things products – in this case, a Wi-Fi security camera – are hackable and programmable as “permanent backdoors.”

According to the Lab, this allows “potential attackers to remotely command and control a cyber attack without being detected by traditional security products.” A hacker could thus gain full-time access to a network without needing access to a laptop, workstation or server.

“Consumer-grade IoT products can be easily manipulated by an attacker, used to steal an organization’s private information and go undetected by traditional security solutions,” said Gunter Ollmann, CSO of Vectra Networks, in the company’s statement. “While many of these devices are low-value in terms of hard costs, they can affect the security and integrity of the network, and teams need to keep an eye on them to reveal any signs of malicious behavior.”

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Vectra Threat Labs purchased a D-Link Wi-Fi webcam and successfully reprogrammed the approximately $30 camera to work as a backdoor. It functioned still like a camera.

“The irony in this particular scenario is that Wi-Fi cameras are typically deployed to enhance an organization’s physical security, yet they can easily become a network security vulnerability by allowing attackers to enter and steal information without detection,” said Ollmann.

The research provides a foundational framework for the case that consumer-grade networked devices can be hacked and, therefore, pose a threat to a home or organization’s overall security.

“The vast majority of people do not yet know or understand the hidden capabilities of the devices they are purchasing and deploying throughout their homes and businesses,” Ollmann told Hacked. “These hidden capabilities, and the methods of exploiting them are unfortunately not known to  hackers and are in the process of being used as tools to attain perpetual access and control of the networks they are deployed upon.”

Industry experts say that web-based cameras, and other consumer grade IoT products, feature similar designs, and thus similar vulnerabilities. While the consumer has acclimated to security products like firewalls for computers and smartphones, many other devices do not yet offer such security products.

Everyday consumer devices can be hacked and used as backdoors into the network to which they connect. Since it remained operational as a webcam, it would be nearly impossible to detect the breach in the D-Link camera, which is designed similarly to many mass-produced consumer-level electronics.

“Devices that can be easily attached to the network and remotely controlled or managed via the Internet tend to be soft targets,” Ollmann added. “It doesn’t help that many of the popular ‘small footprint’ operating systems popularly used for mass-produced network devices are poorly secured themselves.” D-Link shed more light on the vulnerability exposed by Vectra Threat Labs.

“[It] is a complicated and atypical hack that involves splitting the camera open by the potential hacker to gain access to the PCB and flash the camera manually,” a representative for D-Link told Hacked. “While the vulnerability is not a common occurrence and one that is difficult to protect against due to the modification of the device, D-Link is evaluating solutions including, signed and encrypted firmware, and more advanced methods using secure hardware elements to  prevent these types of vulnerabilities.”

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Receive New Posts on Email:



Justin OConnell

Justin OConnell

http://www.cryptographicasset.com

Justin O'Connell is the founder of financial technology focused CryptographicAsset.com. Justin organized the launch of the largest Bitcoin ATM hardware and software provider in the world at the historical Hotel del Coronado in southern California. His works appear in the U.S.'s third largest weekly, the San Diego Reader, VICE and elsewhere.

Comments
  • user

    AUTHOR Kushe Louise

    Posted on 11:09 pm January 16, 2016.

    REMOTE LATEST 2016 NEW PHONE SPY HACKING SOFTWARE FOR MOBILE PHONES AND WINDOWS PC.

    This Hacking software is the latest and can work remotely without getting access to the phone.

    You can read messages, listen to calls, divert SMS, Viber, BBM, Whatsapps, Faebook, Skype message. Delete photos and call logs.

    With the software, you can monitor and know current location and know exactly where he/she is, listen to he/she calls and see who he/she is chatting with at real time.

    the software works remotely without getting access to the phone.

    Mobile phone spy, latest software spy, cell phone hacking, cell phone spy, Mobile phone tracking, spy phone, spy mobile.

    Contact us now for your own copy.

    Skype: harklodz

    http://yezlodz.do.am/

    Jabber: [email protected]

    Email: [email protected]

  • View Comments (1) ...
    Navigation
    A darknet market, also referred to as a "DNM" is,…