ICT Security-Sécurité PC et Internet

Security vulnerabilities in popular internet-connected digital cameras could allow hackers to infect them with ransomware, rendering the devices useless, or deploy other forms of malware which could potentially turn a camera into a gateway for infecting larger networks.

Digital cameras use Picture Transfer Protocol (PTP), a standard protocol to transfer digital files. Researchers at cybersecurity company Check Point Software found that it was possible to exploit vulnerabilities in the protocol to infect a camera with ransomware, presenting their findings at the Defcon security conference in Las Vegas.

The researchers looked at the Canon EOS 80D because it has both USB and Wi-Fi connectivity, as well as an extensive modding community which provides open source software for the camera. But while this particular model was chosen for the experiment, researchers warn that any internet-connected digital camera could be vulnerable to the attacks.

"As PTP is widely used by all digital camera vendors, we do believe that similar vulnerabilities will affect other vendors as well," Eyal Itkin, security researcher at Check Point, told ZDNet.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=RANSOMWARE

Researchers at Trend Micro have identified that over 1,000 different models of IP cameras are at risk of being compromised by the threat dubbed Persirai...

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

Officials found 123 of 187 network video recorders capturing CCTV footage had fallen victim to two strains of ransomware.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=RANSOMWARE

Last month, the world was introduced to Amazon Key, a new service from the online shopping juggernaut that allows couriers to unlock your front door to deliver packages. One of the main concerns of the service is the central question of whether Prime customers trust Amazon enough to let the company monitor their homes and determine when it’s okay to unlock the door for someone who is, essentially, a stranger.

The service relies on Cloud Cam and a compatible smart lock, and only grants permission for a courier to enter after they scan a barcode, which is checked against information in the cloud. A camera also monitors and records the drop-off so customers can check that nothing suspect happened.

Now security researchers have found that the camera can be disabled and frozen from a program run from any computer within Wi-Fi range, reports Wired. That means a customer watching a delivery will only see a closed door, even if someone opens the door and goes inside — a vulnerability that may allow rogue couriers to rob customers’ homes.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=cameras

Trend Micro is reporting a new threat to Linux-based Internet of Things (IoT) devices that is specifically able to exploit a specific vulnerability in surveillance cameras made by AVTech.
The threat is called ELF_IMEIJ.A and was originally uncovered by Search-Lab in October 2016 and reported to AVTech. Trend Micro said Search-Labs did not received a response regarding the issue.

Much like Mirai, ELF_IMEIJ.A the malware searches for unprotected IoT devices, in this case a camera.
The attacker uses cgi-bin scripts to randomly ping IP addresses searching for a device that is vulnerable.

“Specifically, it exploits CloudSetup.cgi, the reported AVTech CGI Directory vulnerability, to execute a command injection that triggers the malware download. The attacker tricks the device into downloading the malicious file and changes the file's permissions to execute it locally,” Trend wrote.

Search-Labs noted that every user password for the AVTech products is stored in clear text and that an attacker with access to the device itself can easily obtain the full list of passwords.
“By exploiting command injection or authentication bypass issues, the clear text admin password can be retrieved,” Search-Labs initial report on the malware stated.

Learn more / En savoir plus / Mehr erfahren: 

http://www.scoop.it/t/securite-pc-et-internet/?tag=Mirai+Botnet

http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars