Unpatchable 0-Day In Surveillance Cam Is Being Exploited To Install Mirai
Arthur T Knackerbracket has processed the following story:
Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mirai, a family of malware that wrangles infected Internet of Things devices into large networks for use in attacks that take down websites and other Internet-connected devices.
The attacks target the AVM1203, a surveillance device from Taiwan-based manufacturer AVTECH, network security provider Akamai said Wednesday. Unknown attackers have been exploiting a 5-year-old vulnerability since March. The zero-day vulnerability, tracked as CVE-2024-7029, is easy to exploit and allows attackers to execute malicious code. The AVM1203 is no longer sold or supported, so no update is available to fix the critical zero-day.
Kyle Lefton, a security researcher with Akamai's Security Intelligence and Response Team, said in an email that it has observed the threat actor behind the attacks perform DDoS attacks against "various organizations," which he didn't name or describe further. So far, the team hasn't seen any indication the threat actors are monitoring video feeds or using the infected cameras for other purposes.
Akamai detected the activity using a "honeypot" of devices that mimic the cameras on the open Internet to observe any attacks that target them. The technique doesn't allow the researchers to measure the botnet's size. The US Cybersecurity and Infrastructure Security Agency warned of the vulnerability earlier this month.
The technique, however, has allowed Akamai to capture the code used to compromise the devices. It targets a vulnerability that has been known since at least 2019 when exploit code became public. The zero-day resides in the "brightness argument in the 'action=' parameter" and allows for command injection, researchers wrote. The zero-day, discovered by Akamai researcher Aline Eliovich, wasn't formally recognized until this month, with the publishing of CVE-2024-7029.