Ankit Anubhav on Twitter
A new low has been achieved in the ease of hacking IoT devices. One does not even need to connect to the Dahua devices to get the credentials (thread) (1/n) #iot #infosec
According to Sean Newman, Director Product Management, Corero Network Security,
“Reports of passwords for thousands of public Internet-facing DVRs being exposed by the ZoomEye search engine, further highlight how connected device vulnerabilities can go unpatched for many years. In this case, a vulnerability from 2013 is being openly leveraged to extract admin passwords for the systems. This highlights one of the key issues with IoT security where, even though the vendor had actually fixed the vulnerability, the owners of the devices still haven’t got around to, or been able to, upgrade them.
“While this behaviour continues, there remains no end in sight for IoT devices being acquired for various nefarious activities including use in botnets for launching DDoS and other large-scale criminal campaigns.”