Inexpensive Webcams Easily Turned Into A Network Backdoor

Inexpensive Webcams Easily Turned Into A Network Backdoor

According to the researchers, we can easily turn webcam connected device into a backdoor. A ‘tiny' D-Link web camera and turned it into a persistent backdoor into corporate networks by hacking through Vectra Networks an US security firm.

According to a blog published on 12 January, Vectra describes how they achieved this task. Firstly they bought the consumer-grade WiFi webcam for US$ 30 (£20) after which they create a persistent access point by cracking open its Linux kernel to. In respect to which they come to the conclusion that without affecting more protected devices criminals could use the camera to control remote attacks. Vectra showed that hackers compromise ROM, they replace the running code with their own tools like creating a backdoor. It doesn’t have to be a remote hack either, with the state reporting 

“So if we have a flash image, We can put it in a place which  involve ‘updating’ an already deployed device or installing the backdoor onto the device somewhere in the delivery chain – i.e. before it is received and installed by the end customer.”

How Accomplishing Take Place?

-    Dump the flash memory from the device for analysis.

-    It determined that the ROM contains a u-boot and a Linux kernel and image with software used to update the firmware.

-    Allow it to accept a rogue update containing a Linux proxy service.

-    If  you want that back door could not be removed then disable the ability to reflash.

The hacker would use the pipeline to extract stolen data and for the same he would inject his own attacks into the rest of the network. Even a small vulnerabilities can compromise the security of an entire network and should not be underestimate.

Chief Security Officer Gunter Ollmann said that 

“The irony in this particular scenario is that WiFi cameras are typically deployed to enhance an organisation's physical security, yet they can easily become a network security vulnerability by allowing attackers to enter and steal information without detection.”

Soft targets can be those devices which can be easily attached to the network and managed via the Internet. The reliable package that limits design options are circuit boards, chipsets, software updates.

He would expect other vendors’ webcams and connected devices to be similarly vulnerable. So, in home networks, such threat is difficult to detect. From criminals, perspective Webcams are a highly desirable target because they are cheap.