No Surprise: IoT Devices Easy to Hack

Tuesday, January 19, 2016 @ 12:01 PM gHale

As has been said for some time now, Internet of Things (IoT) devices promise to pay great dividends, but they also have the potential to bring more security issues to the party.

One case in point is Wi-Fi security web cameras with security flaws that could allow attackers to reprogram them and use them as persistent backdoors, said researchers at Vectra Networks.

Insecure IoT devices enable attackers to remotely command and control an attack while avoiding detection from traditional security products, Vectra researchers said.

By turning an IoT device into a backdoor, attackers gain 24×7 access to an organization’s network without infecting a laptop, workstation or server, which usually enjoy firewall protection, intrusion prevention systems and antivirus software.

Vectra conducted an experiment that again shows the risks associated with adding IoT devices to your network.

The Vectra Threat Labs experiment focused on a popular D-Link Wi-Fi camera available for purchase at around $30. The security researchers managed to successfully reprogram it to act as a network backdoor without disrupting its operation as a camera, though the process required physical access to the device.

The researchers said in a blog post that the reprogramming process started with taking the camera apart and dumping the content of the flash memory chip on the PCB (printed circuit board) for further analysis. The firmware consisted of U-Boot and a Linux kernel and image, and the team managed to access the Linux image filesystem.

After further analysis, the researchers added the backdoor to the firmware in the form of a service inside the Linux system, and they went for a connect-back SOCKS proxy.

The team then tested whether they could bring back a telnet socket to an outside host, thus gaining remote persistence on the webcam. Having the webcam act as a proxy allowed them to send control traffic into the network to advance attacks, and the researchers explained that an attacker could also use the webcam to siphon stolen data out of a company’s network.

The researchers said this doesn’t necessarily mean D-Link’s web camera has a major security issue, but rather IoT devices have a high impact on the attack surface of a network. These devices can end up hacked easily and, while they do not cost that much, they certainly matter to the security of a network.

“Consumer-grade IoT products can be easily manipulated by an attacker, used to steal an organization’s private information, and go undetected by traditional security solutions,” said Gunter Ollmann, CSO of Vectra Networks. “While many of these devices are low-value in terms of hard costs, they can affect the security and integrity of the network, and teams need to keep an eye on them to reveal any signs of malicious behavior.”

The security researchers also said D-Link is aware of the vulnerability, but has not yet provided a fix.
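
The relay behavior described above (a camera dialing out to an outside host, then carrying traffic into the network) leaves a recognizable pattern in flow records. As an added example, not code from Vectra or from the original article, this Python sketch flags cameras that hold a long-lived session to an unlisted external host or that initiate connections to internal hosts; the camera subnet, allowlist and flow-record layout are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this sketch (not from the article): the camera subnet, the
# allowlisted external endpoint and the flow-record layout are hypothetical.
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_EXTERNAL = {"198.51.100.10"}   # e.g. a sanctioned vendor cloud endpoint
LONG_LIVED_SECS = 3600

# Constructed sample flows: (initiator, responder, dst_port, duration_s)
SAMPLE_FLOWS = [
    ("10.20.30.5", "198.51.100.10", 443, 40),      # camera A -> allowed cloud
    ("10.1.1.20", "10.20.30.5", 554, 900),         # recorder pulls video from camera A
    ("10.20.30.7", "203.0.113.66", 4444, 86000),   # camera B -> unknown host, long-lived
    ("10.20.30.7", "10.1.2.15", 445, 12),          # camera B dials a file server
    ("10.20.30.7", "10.1.2.16", 3389, 30),         # camera B dials a workstation
    ("10.20.30.9", "203.0.113.80", 123, 1),        # camera C -> unlisted host, short
]

def find_proxy_suspects(flows):
    """Return {camera_ip: [reasons]} for cameras behaving like a relay."""
    external = defaultdict(list)   # long-lived sessions to unlisted outside hosts
    lateral = defaultdict(set)     # internal hosts the camera itself dialed
    for src, dst, port, duration in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s not in CAMERA_NET:
            continue               # only flows the camera initiated matter here
        if d in INTERNAL:
            if d not in CAMERA_NET:
                lateral[src].add(f"{dst}:{port}")
        elif dst not in ALLOWED_EXTERNAL and duration >= LONG_LIVED_SECS:
            external[src].append(f"{dst}:{port}")
    suspects = {}
    for cam in sorted(set(external) | set(lateral)):
        reasons = []
        if external[cam]:
            reasons.append("long-lived outbound session to " + ", ".join(external[cam]))
        if lateral[cam]:
            reasons.append("initiated internal connections to " + ", ".join(sorted(lateral[cam])))
        suspects[cam] = reasons
    return suspects

if __name__ == "__main__":
    for cam, reasons in find_proxy_suspects(SAMPLE_FLOWS).items():
        print(cam, "->", "; ".join(reasons))
```

A camera normally answers connections rather than originating them toward file servers or workstations, so the second rule catches relayed traffic even when the outbound channel goes to an allowlisted address.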