Vectra® Networks, the leader in real-time detection of in-progress cyber attacks, today announced that the Vectra Threat Labs™ has verified that consumer-grade Internet of Things (IoT) products, such as Wi-Fi security web cameras, can be hacked and reprogrammed to serve as permanent backdoors, enabling potential attackers to remotely command and control a cyber attack without being detected by traditional security products.
“Consumer-grade IoT products can be easily manipulated by an attacker, used to steal an organization’s private information, and go undetected by traditional security solutions,” said Gunter Ollmann, CSO of Vectra Networks. “While many of these devices are low-value in terms of hard costs, they can affect the security and integrity of the network, and teams need to keep an eye on them to reveal any signs of malicious behavior.”
Turning an IoT device into a backdoor essentially gives hackers 24x7 access to an organization’s network without needing to infect a laptop, workstation or server, all of which are usually under high scrutiny by firewalls, intrusion prevention systems and malware sandboxes, and typically run antivirus software that is updated regularly.
“Most organizations don’t necessarily think of these devices as miniature computers, but essentially they are, in that they can still give attackers access to sensitive company information, particularly because they are connected to the corporate network,” said Ollmann. “Unlike the computers people regularly interact with, these devices do not have the processing power or memory to run antivirus or other security software. Since they don’t have usable persistent storage, attackers use NVRAM to store the configuration and flash ROM to store the malicious code.”
In the Vectra Threat Labs experiment, the team purchased a popular D-Link Wi-Fi camera* for roughly $30 and successfully reprogrammed it to act as a network backdoor without disrupting its operation as a camera.
“The irony in this particular scenario is that Wi-Fi cameras are typically deployed to enhance an organization’s physical security, yet they can easily become a network security vulnerability by allowing attackers to enter and steal information without detection,” said Ollmann.
The Vectra Threat Labs has provided more detail on this hack scenario via a blog post which can be found at http://blog.vectranetworks.com/blog/turning-a-webcam-into-a-backdoor.
As the threat research arm of Vectra Networks, the Vectra Threat Labs operates at the precise intersection of security research and data science. Researchers take unexplained phenomena seen in customer networks and dig deeper to find the underlying reasons for the observed behavior.
Vectra’s reports and blogs from the Vectra Threat Labs zero in on the attacker’s goals, place them in the context of the broader campaign the attacker is waging, and provide insights into durable ways in which threats can be detected and mitigated.
Focusing on the underlying goal of an attacker and thinking about the possible methods for achieving it can lead to detection methods that are surprisingly effective for extended periods of time. To report vulnerabilities in our platform, email security@vectranetworks.com.
Vectra® Networks is the leader in real-time detection of in-progress cyber attacks. The company’s automated threat-management solution continuously monitors internal network traffic to pinpoint cyber attacks as they happen. It then automatically correlates threats against hosts that are under attack and provides unique context about what attackers are doing so organizations can quickly prevent or mitigate loss. Vectra prioritizes attacks that pose the greatest business risk, enabling organizations to make rapid decisions on where to focus time and resources. In 2015, Gartner named Vectra a Cool Vendor in Security Intelligence for addressing the challenges of post-breach threat detection. The American Business Awards also selected Vectra as the Gold Award winner for Tech Startup of 2015. Vectra’s investors include Khosla Ventures, Accel Partners, IA Ventures and AME Cloud Ventures. The company’s headquarters are in San Jose, Calif., and it has European operations in Zurich. More information can be found at www.vectranetworks.com.
*Vectra disclosed this vulnerability to D-Link in early December 2015. As of Jan. 7, 2016, the company had acknowledged the disclosure but had not provided a remedy.