Monday 26 October 2015

Hacking CCTV Cameras to Launch DDoS attacks

Connected devices, better known as the Internet of Things, have been attracting significant interest not only from users but also from cyber criminals, who are turning them into weapons for cyber war. Because Internet-connected embedded devices are often implemented insecurely, they are routinely hacked and used in cyber attacks. We have seen smart TVs and refrigerators sending out millions of malicious spam emails; we have also seen printers and set-top boxes mining Bitcoins.

And now cyber crooks have targeted innocent-looking CCTV cameras, a common Internet-of-Things (IoT) device, to launch Distributed Denial-of-Service (DDoS) attacks. Yes, surveillance cameras in shopping malls are being targeted to form a large botnet that can blow large websites off the Internet by launching crippling DDoS attacks.

THE CAUSE

The crooks made this possible because CCTV camera operators take a lax approach to security and fail to change the default passwords on the devices. Security researchers from Imperva's Incapsula team first warned about closed-circuit television (CCTV) botnet attacks in March 2014. However, according to a recent blog post published by Imperva, the DDoS attack now peaked at 20,000 requests per second and originated from nearly 900 CCTV cameras running embedded versions of Linux and the BusyBox toolkit.

MALWARE INFECTED CCTVs

When analyzing one of the compromised cameras, located in a shopping center just five minutes from the team's office, the researchers found that the camera was infected with a variant of a known malware program known as Bashlite, Lightaidra or GayFgt, specially designed for ARM versions of Linux.
The most common attack consisted of HTTP GET request floods originating from around 900 CCTV cameras spread around the world.

THE TARGETS

The target of the DDoS attack was a rarely-used asset of a large cloud service serving millions of users worldwide. However, Imperva did not name the firm targeted. Notably, all of the compromised cameras monitored by the firm were logged from multiple locations in almost every case, suggesting that several different hackers were abusing the weakness of unsecured CCTV cameras. The top targeted countries for CCTV botnets around the world include India, China, Iran, Indonesia, the US, and Thailand.

Cyber Attacks Leveraging Internet of Things

Internet-connected smart devices, including traffic and surveillance cameras, street lights, meters, smart pipes, traffic lights, and sensors, are easier to implement but also easier to hack due to a lack of stringent security measures. Imperva's analysis aims to raise awareness of the importance of basic security practices for securing connected devices, because the most obvious reason for cyber attacks on Internet-connected devices is that the devices are rushed to market without proper consideration of security by design.
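For defenders, the HTTP GET flood described above (many sources hitting one rarely-used asset) can be spotted in web access logs. The following is an added example, not code from Imperva or the original article; the log lines, paths and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format prefix: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def find_get_floods(lines, min_rps=50, min_sources=20):
    """Return (second, path, requests, distinct_sources) for each one-second
    window where a single path gets many GETs from many different clients.
    Both thresholds are illustrative assumptions; tune them to a baseline."""
    buckets = defaultdict(lambda: [0, set()])
    for line in lines:
        m = LOG_RE.match(line)
        if m is None or m["method"] != "GET":
            continue  # skip unparseable lines and non-GET requests
        second = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        bucket = buckets[(second, m["path"])]
        bucket[0] += 1
        bucket[1].add(m["ip"])
    alerts = []
    for second, path in sorted(buckets):
        count, sources = buckets[(second, path)]
        # Volume alone is not enough: one noisy client is not a botnet.
        if count >= min_rps and len(sources) >= min_sources:
            alerts.append((second.isoformat(), path, count, len(sources)))
    return alerts

def build_sample():
    """Constructed log lines (documentation IP ranges, hypothetical paths)."""
    fmt = '{ip} - - [26/Oct/2015:10:00:{s:02d} +0000] "{m} {p} HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"198.51.100.{i + 1}", s=i, m="GET", p="/index.html")
             for i in range(5)]                      # ordinary browsing
    lines += [fmt.format(ip="198.51.100.9", s=6, m="GET", p="/index.html")
              for _ in range(60)]                    # one busy client, not flagged
    lines += [fmt.format(ip=f"203.0.113.{i % 30 + 1}", s=7, m="GET",
                         p="/legacy/status") for i in range(90)]  # distributed burst
    lines.append("garbage line that does not parse")
    return lines

if __name__ == "__main__":
    for alert in find_get_floods(build_sample()):
        print(alert)
```

Requiring both a high request rate and a high distinct-source count keeps a single busy client from triggering the alert while still catching a burst spread thinly across many devices.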

Car Hacking? Scary, But Now it’s REALITY!

Next time you find yourself behind the wheel, make sure that your car is actually in your control. Hackers are now able to break into hundreds of thousands of vehicles on the road. Car hacking is a hot topic today, and until now it was performed only while researchers were hard-wired into a car's electrical system. However, the most recent hack, performed by two computer hackers who have spent years developing ways to crack the digital safeguards of Internet-connected vehicles, is rather more disturbing.

Researchers Charlie Miller and Chris Valasek recently demonstrated their ability to control a Jeep Cherokee remotely from miles away by exploiting the car's entertainment system, which was connected to the mobile data network. The duo was able to move laterally into other electronic parts of the vehicle, like the air conditioning, transmission, and even the car's steering controls.

1.4 Million Car Models Vulnerable

Not just the Jeep Cherokee: the rest of the 14 Fiat Chrysler car models were also found to be vulnerable to the hackers' exploit. Following this car hacking incident, Fiat Chrysler launched a safety recall of 1.4 Million recent car models that could be remotely exploited and controlled by hackers. Now let's have a look at the affected vehicle models:

2013-2015 MY Dodge Viper specialty vehicles
2013-2015 Ram 1500, 2500 and 3500 pickups
2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
2014-2015 Jeep Grand Cherokee and Cherokee SUVs
2014-2015 Dodge Durango SUVs
2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
2015 Dodge Challenger Sports coupes

Money could be Recovered, Not the Lives

Shortly after Fiat Chrysler announced the recall, Miller raised a question, "I wonder what is cheaper, designing secure cars or doing recalls?" The same question came to my mind too. This safety recall of 1.4 Million cars would undoubtedly have cost the company far more than designing its cars to be secure against online threats.
Car manufacturers need to understand that car hacking is worse than any major bank theft. The money could be recovered, but not the lives.

The company said it was neither "aware of any injuries related to software exploitation," nor "aware of any related complaints, warranty claims or accidents."

"The recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes the criminal action," the company said in a statement.

Miller and Valasek are planning to reveal more information about their findings at the Def Con conference next month. This latest car hacking incident considerably raises concerns over Internet-connected vehicles.

Hackers Find A Way To Disable Car Airbags System

Car hacking is a hot topic today. Many automobile companies now offer vehicles that run on mostly drive-by-wire systems, which means that a majority of the car's functions are electronically controlled, from the instrument cluster to the steering, brakes, and accelerator. No doubt these auto-control systems make your driving experience better, but at the same time they also increase the risk of getting hacked.

Previously, researchers demonstrated how hackers can remotely hijack your car to control its steering, brakes and transmission. And now, according to a team of security researchers, hackers can successfully disable a car's airbags, as well as other functions, by exploiting a zero-day vulnerability in third-party software that is commonly used by car mechanics.