[TrendMicro] are reporting that yet another IoT botnet is emerging. This new botnet had been dubbed Persirai and targets IP cameras. Most of the victims don’t even realize their camera has access to the Internet 24/7 in the first place.
Trend Micro, have found 1,000 IP cameras of different models that have been exploited by Persirai so far. There are at least another 120,000 IP cameras that the botnet could attack using the same method. The problem starts with the IP cameras exposing themselves by default on TCP Port 81 as a web server — never a great idea.
Most IP cameras use Universal Plug and Play, which allows them to open ports from inside the router and start a web server without much in the way of security checks. This paints a giant target in cyber space complete with signs asking to be exploited. After logging into a vulnerable device the attacker can perform a command injection attack which in turn points gets the camera to download further malware.
The exploit runs in memory only, so once it has been rebooted it should all be fine again until your next drive by malware download. Check your devices, because even big named companies make mistakes. IoT is turning into a battlefield. We just hope that with all these attacks, botnets, and hacks the promise of the IoT idea isn’t destroyed because of lazy coders.
Part of feature image from Wikipedia, Creative Commons license.
[Filipe] has been playing around with custom firmware for inexpensive IP cameras. Specifically, he has been using cameras based on a common HI3815 chip. When you are playing around with firmware like this, a major concern is that you may end up bricking the device and rendering it useless. [Filipe] has documented a relatively simple way to backup and restore the firmware on these cameras so you can hack to your heart’s content.
The first part of this hack is hardware oriented. [Filipe] cracked open the camera to reveal the PCB. The board has labeled serial TX and RX pads. After soldering a couple of wires to these pads, [Filipe] used a USB to serial dongle to hook his computer up to the camera’s serial port.
Any terminal program should now be able to connect to the camera at 115200 baud while the camera is booting up. The trick is to press “enter” during the boot phase. This allows you to log in as root with no password. Next you can reset the root password and reboot the camera. From now on you can simply connect to the phone via telnet and log in as root.
From here, [Filipe] copies all of the camera’s partitions over to an NFS share using the dd command. He mentions that you can also use FTP for this if you prefer. At this point, the firmware backup is completed.
Knowing how to restore the backup is just as important as knowing how to create it. [Filipe] built a simple TFTP server and copied the firmware image to it in two chunks, each less than 5MB. The final step is to tell the camera how to find the image. First you need to use the serial port to get the camera back to the U-Boot prompt. Then you configure the camera’s IP address and the TFTP server’s IP address. Finally, you copy each partition into RAM via TFTP and then copy that into flash memory. Once all five partitions are copied, your backup is safely restored and your camera can live to be hacked another day.
[Dave Astolfo] wanted to be able to let his CNC mill run by itself with the ability to monitor it remotely. The only problem with that idea is that if he checked in and saw something bad happening he needed a remote kill switch as well. He ended up killing two birds with one stone by adding extra features to an IP camera.
These Internet Protocol cameras are pretty nifty. Just plug their power cord in and they’ll connect to WiFi and start streaming video. Many of them offer features like pan and tilt, and this model even features IR LEDs for night viewing that can be switched on and off through the web interface. That’s the point at which [Dave] started his hack. He patched into the leads on the IR LEDs. They’re monitored by an ATtiny85. When he turns on the LEDs via the webpage the ATtiny85 senses it and drives a servo motor to push the ESC key on the keyboard. As you can see in the clip after the break, this will stop the milling in its tracks. We especially liked the use of LEGO Technique pieces to make the servo mount removable.
Continue reading “Extending the features of an IP camera”
Controlling your car over WiFi is good, but mounting a webcam on it so you can actually see where you’re going is even better. [Michael] goes over how he made his wifi car with some great videos in the post about it.
The car used is a seemingly standard RC unit, which came with a speed controller that was recycled for network use. [Michael] removed the standard radio, but having this controller available kept him from having to engineer an H-bridge circuit. The radio was then replaced with a WiFi module from Sparkfun.
There were a few problems with the IP camera to begin with, as the lag was originally unbearable. After some tricks that would qualify as a good hack in itself, the camera was eventually able to perform on an acceptable level and output data to the FLTK app he used to control everything. Check out one of his videos below of this car in action. Continue reading “A WiFi Controlled RC Car with an IP Camera”
Don’t want dogs pooping on the front lawn? You could put up a sign, your could chase them away like a crotchety old miser, or you could build a motion detecting sprinkler system. It’s pretty hard to line up for a doody when you’re getting sprayed in the face (or worse) with cold water.
The setup is pretty simple. The bump-in image above shows the view from a webcam. The server monitoring the video is running software that detects motion between one frame and the next. When it sees something in the right position it signals an Arduino to trigger the solenoid which has been holding back the water. Check out the movie after the break which shows [Phil Tucker] tramping across the grass to trigger the trap.
Sprinkler hacks are always a lot of fun. This variable-range sprinkler is still one of our favorites.
Continue reading “Motion sprinkler chases away defecating dogs”
[Shawn] emailed us some pictures and a description of his latest hack. He cracked open a Rosewill RXS-3211 IP Camera because the output of the web interface made him certain that it was running Linux and he wanted to unlock some more potential from the device. These cameras are used for security, and offer a browser-based interface via a WiFi connection. After studying the circuit board he started poking around an unpopulated set of four pads and managed to get a serial connection up and running. The device’s serial terminal operates at 115200 baud using eight data bits, one stop bit, and even parity.
He wonder where to go from here and we have a few ideas. You can see in the terminal readout above that it announces when motion is detected. We think this motion detection would be quite useful with a small rover while adding live video broadcasting at the same time. An embedded Linux system should be able to interface with the device and we think that a bit of creative coding would open up the WiFi connection for other use as well. Not bad for a module that can be had for as little as $29. We’ve included all the images [Shawn] sent us after the break and we’d love to hear your thoughts on what you’d use this for in the comments.
Continue reading “I am root! – IP camera shell access”