Hackers exploit two zero-day vulnerabilities to connect routers and surveillance cameras to a botnet. They then deploy the botnet for DDoS attacks. At least 7,000 devices are vulnerable.
Researchers at Akamai tracked down the zero-day vulnerabilities and warned of the danger in a blog post on Tuesday. Routers and camera products whose login credentials were not changed after initial use, and which therefore still use the default password, are at risk.
Hackers break into the devices via the default password. They then infect the devices with Mirai. This botnet surfaced back in 2021 at Cloudflare, which at the time stopped an attack of 17.2 million requests per second. Mirai is thus a botnet used for DDoS attacks: by overloading a website with requests from the devices that make up the botnet, hackers attempt to take the website down.
Multiple camera models
Akamai has not yet revealed exactly which devices are at risk. The researchers are first waiting for the vendors to patch the problems. In the case of the router, at least one specific model is at risk. “The router vendor produces multiple switches and routers,” Akamai says, adding that it is a Japanese manufacturer.
With camera gear, the problem is more widespread. The vendor makes “100 NVR/DVR/IP camera products,” and the same login has been reused on multiple products.
Patch to follow next month
Akamai researcher Larry Cashdollar also briefed Ars Technica on developments at the manufacturers. One of the producers reportedly has not yet responded to the findings. The other producer is expected to release a patch in December. According to the researcher, at least 7,000 devices are at risk.