145,000 DVRs Compromised

Several articles, including one by the Wall Street Journal, have recently reported that approximately 145,000 hacked DVRs and cameras were used to create some of the largest denial of service attacks ever seen on the Internet.

Attackers used hijacked security cameras and DVRs to launch several massive Internet attacks, prompting fresh concern about the vulnerability of devices connected to the Internet. According to Level3, of the identifiable devices participating in these attacks, almost 96 percent were IoT devices, of which 95 percent were cameras and DVRs.

Security camera DVRs often come configured with telnet and web interfaces enabled so that users can configure the devices and view their security footage over the Internet, which makes them vulnerable to attack. Hackers can use a compromised DVR to gain access to the customers’ local network and obtain sensitive corporate information, which is a potentially dangerous liability for the Reseller or VAR. To be patched, these DVRs will have to be manually upgraded or replaced.

Checking DVRs to determine if they have been compromised and fixing them can be extremely complex and difficult.  Not all vendors provide firmware updates.  Updating the firmware, furthermore, will only clean up an infection in some circumstances.  A factory reset, if provided, may clear up the infection, but again only in a small percentage of circumstances.

Determining whether a DVR is compromised can be accomplished with some network investigation or with security appliances that analyze all the Internet traffic. The Barracuda Web Security Gateway is one such product, but an expert can do it with more primitive tools as well. If the vendor does not provide a solution on their website, there is no easy way to determine whether a DVR is compromised.
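
One form the network investigation can take, as an added example that is not part of the original post: flag LAN devices that open telnet connections to many distinct Internet hosts, the pattern produced by Mirai's scanner on TCP 23 and 2323. The flow-log format, LAN range, threshold and sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: "epoch src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
1475179000 192.168.1.50 203.0.113.10 23 tcp
1475179001 192.168.1.50 203.0.113.77 2323 tcp
1475179001 192.168.1.50 198.51.100.4 23 tcp
1475179002 192.168.1.50 198.51.100.93 23 tcp
1475179003 192.168.1.50 203.0.113.200 23 tcp
1475179004 192.168.1.20 198.51.100.8 443 tcp
1475179005 192.168.1.21 192.168.1.50 23 tcp
1475179006 192.168.1.30 203.0.113.5 23 tcp
garbled line
"""

TELNET_PORTS = {23, 2323}  # TCP ports Mirai's scanner probes


def parse_flow(line):
    """Return (src, dst, port) or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None


def telnet_scanners(log_text, lan="192.168.1.0/24", threshold=5):
    """LAN hosts with >= threshold distinct external telnet targets.
    lan and threshold are assumed values; tune them to the site."""
    lan_net = ipaddress.ip_network(lan)
    targets = defaultdict(set)
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, port = flow
        # Count only telnet that leaves the LAN for the Internet.
        if port in TELNET_PORTS and src in lan_net and dst not in lan_net:
            targets[str(src)].add(str(dst))
    return {h: sorted(d) for h, d in targets.items() if len(d) >= threshold}


if __name__ == "__main__":
    for host, dsts in telnet_scanners(SAMPLE_FLOWS).items():
        print(f"{host}: outbound telnet to {len(dsts)} external hosts")
```

A DVR or camera has no reason to initiate telnet sessions to the Internet, so any host this reports deserves isolation and closer inspection.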

Screenshot of Mirai

Details:
The infection that was identified was labeled “MIRAI”. The MIRAI code has a large number of default camera and DVR passwords built into it. If you are using DVRs from one of these manufacturers and didn’t change the passwords, it is likely that you are infected. If you recognize these passwords, you are probably in trouble as well. These DVRs are sold under many different brands.

Lessons:
1) Don’t put DVRs or cameras directly on the Internet.
2) Do not open inbound ports to DVRs, NVRs or VMSs to the Internet – even with a firewall.  A firewall would not protect against these attacks.

The Eagle Eye Cloud Security Camera VMS separates the cameras from the Internet onto an isolated, protected network so they can’t be compromised or used maliciously.  Furthermore, the Eagle Eye Bridges are actively managed devices, which get firmware updates without having to send someone on site.  This allows security patches and general updates to be deployed in a timely manner.

Detailed Information:
http://blog.level3.com/security/attack-of-things/
http://www.wsj.com/articles/hackers-infect-army-of-cameras-dvrs-for-massive-internet-attacks-1475179428
http://arstechnica.com/security/2016/09/botnet-of-145k-cameras-reportedly-deliver-internets-biggest-ddos-ever/
http://arstechnica.com/security/2016/06/large-botnet-of-cctv-devices-knock-the-snot-out-of-jewelry-website/
https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.html
https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack

ABOUT EAGLE EYE NETWORKS

Founded in 2012, Eagle Eye Networks, Inc., is #1 in cloud video surveillance worldwide, addressing the needs of businesses, alarm companies, security integrators, and individuals. Eagle Eye’s 100% cloud managed solutions provide cloud and on-premise recording, bank level security and encryption, and broad analog and digital camera support – all accessed via the web or mobile applications. Businesses of all sizes and types utilize Eagle Eye solutions for operational optimization and security. All Eagle Eye products benefit from Eagle Eye’s developer friendly RESTful API platform and Big Data Video Framework ™, which allow for indexing, search, retrieval, and analysis of live and archived video. Eagle Eye’s open Video API has been widely adopted for integration in alarm monitoring, third party analytics, security dashboards, and point of sale system integrations.

Eagle Eye sells its products through authorized global resellers and installation partners. Headquartered in Austin, Texas, USA, Eagle Eye has offices in Europe and Asia-Pacific. For more information, please visit www.een.com or call +1-512-473-0500 (US), +31 (0) 20 26 10 460 (EMEA) or +81-3-6868-5527 (JP).
