A new botnet is slowly building critical mass by exploiting unsecured webcams and IP cameras and conducting mass scans for vulnerable devices. The scans come a month after a vulnerability was disclosed affecting over 1,250 camera models. Cesare Garlati, Chief Security Strategist at prpl Foundation commented below.
Cesare Garlati, Chief Security Strategist at prpl Foundation:
“The fact that a new botnet has been uncovered one month after the last vulnerability was discovered in not surprising and should, if anything, be evidence for developers and manufacturers to take an open approach to security. Regulators should enforce ISPs to temporarily block IP addresses known from being part of active botnets/DDOS which would prevent attackers from further exploiting already infiltrated devices.
A breach of these devices doesn’t represent a traditional loss of data with resulting fines, but an actual physical attack that unfortunately might involve human casualties or fatalities and confirms the importance of securing IoT devices. Individually, they don’t represent a serious threat but combined in the hundreds of thousands they can easily disrupt critical infrastructure.
By relying on an inherently more secure open source code and concentrating on securing embedded devices at the hardware level through security by separation using hardware virtualisation, the situation could start to improve. It won’t happen overnight, but if developers could agree to get the basics of security, we would see a safer, more secure and interoperable Internet of Things emerge.”