Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Top surveillance camera has a major security flaw that allows hackers to install Mirai botnet

Big CCTV focusing on a smartphone and icons hovering above it .

A widely-used surveillance camera has been found carrying a high-severity vulnerability that allows threat actors to take over the device.

Researchers from Akamai recently reported cybercriminals started exploiting the flaw in the AVM1203, a surveillance camera model designed and sold by Taiwanese manufacturer AVTECH, to hijack the endpoints and assimilate them into the Mirai botnet.

Since the model reached its end-of-life status long ago, AVTECH will not be patching the bug, so the best course of action for any owners would be to replace the device with a newer model.

CISA recommendations

The vulnerability in question is tracked as CVE-2024-7029. It has a severity rating of 8.7 (high-severity), and is described as an “improper neutralization of special elements used in a command ('Command Injection')”.

CISA’s technical description states that the flaw allows commands to be injected over the network, “and executed without authentication.”

Those who are unable to replace the device, should take defensive measures, CISA recommends. Those include minimizing network exposure for all control system devices and/or systems (making sure they’re not accessible from the public internet), and locating control system networks and remote devices behind firewalls, and isolating them from business networks.

Ultimately, if it is absolutely necessary for the endpoint to be accessible via the internet, CISA recommends using secure methods such as VPNs, while still stressing that many VPNs may have vulnerabilities, as well.

Mirai is a popular botnet that primarily targets Internet of Things (IoT) devices. It was first discovered in 2016, and has since grown to be almost synonymous with Distributed Denial of Service (DDoS) attacks. The Mirai botnet gained notoriety in October 2016 when it was used to launch one of the largest DDoS attacks in history against Dyn, a major DNS provider. This attack disrupted websites like Twitter, Netflix, and Reddit.

Mirai's source code was eventually released publicly, leading to the creation of many variants by other cybercriminals. These variants have continued to exploit vulnerabilities in IoT devices, making Mirai a significant ongoing threat in the cybersecurity landscape.

Via Ars Technica

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.