John Silva John Silva Author
Title: Thousands of pirated CCTV cameras
Author: John Silva
Rating 5 of 5 Des:
Piracy of over 25,000 surveillance cameras around the world, to conduct computer attacks, illustrates the vulnerability of connected object...
Piracy of over 25,000 surveillance cameras around the world, to conduct computer attacks, illustrates the vulnerability of connected objects.

Smile, you are "hacked". Hackers took control at a distance of some 25,513 surveillance cameras spread throughout the world. The information was revealed earlier this week by security firm Sucuri and highlights the vulnerability of connected objects. According to experts Sucuri, hackers had in mind to create a network of "botnet" (zombie machines used without the knowledge of the owner) that would have allowed them to launch targeted attacks, including denial of service. These attacks, also called DDoS, are to simultaneously send thousands of requests in order to saturate the servers of a company and make a service (in this case of remote monitoring) unavailable. Some hackers often agitate this threat to demand ransoms of companies or communities.
A quarter of cameras hacking cases reported by Sucuri for Taiwan. After the US (12%), Indonesia (9%), Mexico (8%) and Malaysia (6%). Followed by Italy, Israel (5% each). France is not spared as 500 cameras have been hacked in France (2% of total). A percentage substantially equivalent to that of Spain and Vietnam. This figure needs to be put. In France, more than a million security cameras are currently in operation in public space. Many of which in open data (the live-cam), such as those that broadcast live images on tourist offices sites resorts or ski resorts.

A question of costs

Peter Gyöngyösi product manager BalaBit IT Security, a European provider of security solutions, "that any hacking 25,000 surveillance cameras further demonstrates the problem of security of connected objects of everyday life. This time, the consequences do not target the users directly, hacking therefore clearly not have the same scope as that of a manufacturer of toys like VTech or hacking baby monitors, highlighted a few months ago, for example " . According to him, this results from the fact that "the manufacturing costs always take precedence over safety."
Arnaud Cassagne, development director of the integrator Cheapest (Newlove group), noted for his part that "the safety of connected objects is clearly still failing today. Let us look at the reality of the companies that provide connected objects: they use free software as the basis of development, and operating systems are often fallible. The means of exchange are not always secure (versions of SSL / TLS outdated, potentially vulnerable). Security often gets sidelined to go fast. The focus is on ergonomics and design. "According to him, the mode connected round the clock, 7 days 7 make it difficult to correct these faults.

When "Big Brother" escapes its designers

For Megherbi Tewfik, a consultant at F5 Networks, a company that offers to the corporate IT infrastructure optimization solutions, "this DDoS attack shows how the Internet of Things (IoT) can be powerful, but also vulnerable, or be diverted from its primary function and used as an attack vector. We knew that DDoS attacks could target connected objects, but the novelty here is that these objects become an attack vector to serve a DDoS. "These operations that actually require very few resources on each of the infected equipment should, therefore, multiply in the near future.

To guard against such attacks, businesses and governments equip themselves, now more and more often, the type of solutions WAF (Web Application Firewall - firewall suitable for large structures), integrating functions protection against DDoS attacks against botnets. The proliferation of connected embedded devices (medical or transportation), both sensors or intelligent sensors collecting continuous, data, requires the development of security solutions increasingly efficient. It is in this context that the National Security Agency Information Services (Anssi) has formally ordered certain services (private and public) qualified vital operator to acquire sophisticated protection systems . To date, three sectors have seen this authority issuing decrees detailing the security features they need to develop urgently, from 1 July: health products, water management, and food. Energy, transport and defense should follow.


Post a Comment