Threat management provider Vectra Networks has revealed a potentially alarming security hack in a Wi-Fi-enabled camera – which could have repercussions for other IoT devices.
The experiment, carried out by Vectra Threat Labs, found the researchers were able to reprogram a D-Link Wi-Fi camera, priced at $30, to function as a network backdoor without halting the camera’s option. In theory, hackers could have full access to an organisation’s network bypassing traditional security and firewall products.
“Consumer-grade IoT products can be easily manipulated by an attacker, used to steal an organisation’s private information, and go undetected by traditional security solutions,” said Gunter Ollmann, Vectra Networks chief security officer. “While many of these devices are low value in terms of hard costs, they can affect the security and integrity of the network, and teams need to keep an eye on them to reveal any signs of malicious behaviour.”
Ollmann argues the findings are particularly ironic given Wi-Fi cameras are usually deployed to enhance an organisation’s physical security. He added: “Most organisations don’t necessarily think of these devices as miniature computers, but essentially they are in that they can still give attackers access to sensitive company information, particularly because they are connected to the corporate network.
“These devices do not have the processing power or memory to run antivirus or other security software,” he said. “Since they don’t have usable persistent storage, attackers use NVRAM to store the configuration and flash ROM to store the malicious code.”
Vectra added that D-Link had been made aware of and had acknowledged the fault, but had not as of January 7 provided a solution.
Interested in hearing industry leaders discuss subjects like this and sharing their IoT use-cases? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.