Top surveillance camera has a major security flaw that allows hackers to install Mirai botnet

A widely-used surveillance camera has been found carrying a high-severity vulnerability that allows threat actors to take over the device.

Researchers from Akamai recently reported that cybercriminals have started exploiting the flaw in the AVM1203, a surveillance camera model designed and sold by Taiwanese manufacturer AVTECH, to hijack the endpoints and assimilate them into the Mirai botnet.

Since the model reached its end-of-life status long ago, AVTECH will not be patching the bug, so the best course of action for any owners would be to replace the device with a newer model.

CISA recommendations

The vulnerability in question is tracked as CVE-2024-7029. It has a severity rating of 8.7 (high-severity), and is described as an “improper neutralization of special elements used in a command ('Command Injection')”.

CISA’s technical description states that the flaw allows commands to be injected over the network, “and executed without authentication.”

Those who are unable to replace the device should take defensive measures, CISA recommends. These include minimizing network exposure for all control system devices and/or systems (making sure they’re not accessible from the public internet), locating control system networks and remote devices behind firewalls, and isolating them from business networks.

Ultimately, if it is absolutely necessary for the endpoint to be accessible via the internet, CISA recommends using secure methods such as VPNs, while still stressing that many VPNs may have vulnerabilities as well.

Mirai is a popular botnet that primarily targets Internet of Things (IoT) devices. It was first discovered in 2016, and has since grown to be almost synonymous with Distributed Denial of Service (DDoS) attacks. The Mirai botnet gained notoriety in October 2016 when it was used to launch one of the largest DDoS attacks in history against Dyn, a major DNS provider. This attack disrupted websites like Twitter, Netflix, and Reddit.

Mirai's source code was eventually released publicly, leading to the creation of many variants by other cybercriminals. These variants have continued to exploit vulnerabilities in IoT devices, making Mirai a significant ongoing threat in the cybersecurity landscape.

Via Ars Technica

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.