Don’t all rush out at once, but there are a million devices ripe to be the next big botnet

A wormable vulnerability involving an estimated one million digital video recorders (DVR) is at risk of creating a Mirai-style botnet, security researchers warn.

UK-based security consultancy Pen Test Partners said that the issue stems from a zero-day (unpatched) flaw in networking software from Chinese manufacturer XiongMai.

Pen Test Partners has been researching DVR security since February 2016, long before Mirai took out DNS provider Dyn in October 2016. The firm found a buffer overflow in the web interface that leaves more than one million devices vulnerable.

“This [flaw] leads to remote code execution and a wormable exploit,” researchers warned
. “Shodan [a search engine for internet-connected devices] shows ~1M devices available as of today, which would make for a nice botnet.”

Pen Test Partners has discovered other Mirai-style vulnerabilities
before but the latest issue represents a different and potentially more severe threat.

“There are more than 50 different brands of DVR that use this software,” Pen Test Partners’ Ken Munro told El Reg
. “The supply chain is so extended, most of the DVR vendors probably don’t even realise they’re using XiongMai software.”

Pen Test Partners’ experts also discovered an non-standard telnet port (12323) that creates a route for brute force hack attempts based on default passwords against some vulnerable devices.

El Reg
has invited XiongMai to comment but we’re yet to hear back. We’ll update this story as and when we learn more. ®

The Register稿源:The Register (源链) | 关于 | 阅读提示

本站遵循[CC BY-NC-SA 4.0]。如您有版权、意见投诉等问题,请通过eMail联系我们处理。
酷辣虫 » 综合技术 » Don’t all rush out at once, but there are a million devices ripe to be the next big botnet

喜欢 (0)or分享给?

专业 x 专注 x 聚合 x 分享 CC BY-NC-SA 4.0

使用声明 | 英豪名录