The malware is called Persirai and was found infecting Chinese-made wireless cameras last month, according to security firm Trend Micro. This affected up to 1,250 camera models – or around 120,000 cameras – according to the report.
The researcher who discovered the IoT vulnerability – and released his knowledge of it – said that the malware allowed the cyber attackers to remotely access the cameras, implant code and hijack them.
>See also: The security challenges with the Internet of Things
“The security researcher, a white hat, may have had the best intentions with releasing a full disclosure on these vulnerabilities,” Marshal Webb, CTO of BackConnect, a DDoS protection provider said. “But now they’re just out there, making it convenient for anyone to exploit.”
This type of malware infects cameras to form a botnet, which can then launch DDoS attacks to cripple websites.
However, Webb said that although the Persirai-powered botnet can launch DDoS attacks, it is at the moment not carrying out assaults, probably because the malware attackers are still looking at how best to use it.
>See also: Fighting back against Mirai botnet
Ryan Lester, Director of IoT Strategy at Xively by LogMeIn said that “these incidents with Persirai are another reminder of what is at stake with the Internet of Things. IoT has the potential to transform the way we live and work but product companies need to understand the complexities around its security to get the best out of it.”
“There is no room for security shortcuts. Product companies must build in various security mechanisms to reduce the risk of attacks – including strong authentication, encryption and the like. Thorough evaluation of the security implications will ultimately save time and cost of flaws discovered down the road.”