Online IP cameras targetted by Mirai-like malware called Persirai - Trend Micro

IP cameras being targeted via insecure univeral plug-and-play security flaw

A new Mirai-like malware that threatens to take over and control insecure online IP cameras has been uncovered by anti-virus software maker Trend Micro.

Dubbed Persirai, the Mirai-like threat is said to have infected as many as 120,000 IP cameras so far. According to Trend Micro, it has been operating since at least March and takes advantage of long-known flaws in many Internet of Things (IoT) products.

What's more, owners of affected cameras are unlikely to know that they have been affected, which the security firm says "makes it significantly easier for the perpetrators behind the malware to gain access to the IP camera web interface via TCP Port 81".

It continues: "IP cameras typically use Universal Plug and Play (UPnP), which are network protocols that allow devices to open a port on the router and act like a server, making them highly visible targets for IoT malware," warned the researchers.

Once a hacker logs into the interface, he or she can then carry out a command to force the IP camera to connect to a download site to download and execute malicious shell scripts. After the samples are downloaded, the Persirai malware deletes itself and runs only in memory.

"After receiving commands from the server, the IP camera will then start automatically attacking other IP cameras by exploiting a zero-day vulnerability that was made public a few months ago," Trend Micro notes.

"Attackers exploiting this vulnerability will be able to get the password file from the user, providing them the means to do command injections regardless of password strength."

Trend Micro warns that owners of a Chinese-made wireless camera should be on guard and should make sure that they are not using the default password.

However, the real problem is the maker of these cameras, the security firm adds.

"The burden of IoT security does not rest on the user alone — it's also dependent on the vendors themselves, as they should be the ones responsible for making sure that their devices are secure and always updated," Trend Micro concludes.

Computing's Big Data and IoT Summit 2017 and the Big Data and IoT Summit Awards are coming on 17 May 2017.

Find out what construction giant Amey, Lloyds Banking Group, Financial Times and other big names are doing in big data and the Internet of Things.

Attendance to the Summit is free to qualifying senior IT professionals and IT leaders, but places are strictly limited, so apply now.

_AND on the same day, Computing is also proud to present the Big Data and IoT Summit Awards, too. [See the finalists - and secure a table for your team at the Awards - now](http://events.computing.co.uk/bigdataandiotexcellence "Computing Big

Data & IoT Awards 2017")_