
Avtech product flaws could lead to the next IoT botnet

At least 130,000 DVRs and IP cameras appeared on Shodan.
Written by Zack Whittaker on


A security researcher has found a slew of vulnerabilities in products made by Taiwanese electronics maker Avtech.

Gergely Eberhardt said in a blog post that, with the most serious of the flaws, an attacker could retrieve the passwords that various Avtech products, including digital video recorders and internet-connected surveillance cameras, store in plaintext. Among the 14 vulnerabilities, he also found unauthenticated command injection and information leakage flaws.

Eberhardt published proof-of-concept code alongside each vulnerability after three separate attempts to reach the company in almost a year went unanswered.

You probably think that bug-ridden surveillance cameras aren't a big deal -- but it's what hackers can do with those compromised devices that should have you concerned.

At the time of his post, Eberhardt said at least 130,000 Avtech devices appeared on Shodan, the search engine for open ports and Internet of Things devices. (The number was slightly lower when we checked, coming in at 120,757 devices as of Wednesday.)

But that's still a significant number of Internet of Things devices that are prime pickings for building a powerful botnet, capable of bringing down sites and overloading networks.

These types of botnets are becoming more common. Just last week, independent security reporter Brian Krebs' website was downed by a huge distributed denial-of-service attack launched by the Mirai botnet, which was powered in part by compromised internet-connected devices.

Eberhardt's advice is simple: users should change their Avtech device passwords. And to be really safe, "never expose the web interface of any Avtech device to the internet," he added.
