Topic: Do you believe that your Security camera could be hacked in 98 sec ??

[Samker]

Robert Graham, CEO of Errata Security, on Friday documented his experience setting up a $55 JideTech security camera behind a Raspberry Pi router configured to isolate the camera from his home network: https://twitter.com/ErrataRob/status/799569771939262464

According to Graham's series of Twitter posts, his camera was taken over by the Mirai botnet in just 98 seconds.

Mirai conducts a brute force password attack via telnet using 61 default credentials to gain access to the DVR software in video cameras and to other devices such as routers and CCTV cameras: http://www.theregister.co.uk/2016/11/14/mirai_botnet_dvr_link/

After the first stage of Mirai loads, "it then connects out to download the full virus," Graham said in a Twitter post. "Once it downloads that, it runs it and starts spewing out SYN packets at a high rate of speed, looking for new victims."

Graham said the defense recommended by the Christian Science Monitor – changing the default password of devices before connecting them to the Internet – doesn't help because his Mirai-infected camera has a telnet password that cannot be changed: http://www.csmonitor.com/World/Passcode/2016/1118/Vulnerable-connected-devices-a-matter-of-homeland-security

"The correct mitigation is 'put these devices behind your firewall'," Graham said.

(ElReg)