晶睿通訊安全監控主題文章

(原文) 

Cybersecurity for IP Surveillance Devices


Cybersecurity for IP Surveillance Cameras & Trend Micro IoT Security Solutions

Abstract

Cybersecurity for IoT devices has been a hot topic in the past few years, and IP surveillance cameras are the hackers’ top target because of the relatively high computing power and good internet traffic throughput. At the end of 2016, a Linux-based malware “Mirai” was used to initiate a DDoS attack which created a record-high 1.2Tbps Internet traffic. The huge traffic was triggered by remote commands and the victim devices were mainly IP surveillance cameras. Not only is Mirai source code made available on the Internet, multiple variants of Mirai-like malware are surfacing. Cybersecurity now becomes another focal point for IP surveillance devices and multiple governments are making regulations to raise the bar for cybersecurity implementation. It is becoming the next decisive factor in the competition of the IP surveillance industry.

Incentives to Hack IP Surveillance Cameras

Today, the major motivation of hacking is monetization. When it comes to monetization, IP surveillance cameras are great targets because of the following reasons:

 1. Constantly Connected: High exposure to the Internet making it easy for the hackers to find the device. Once hacked, the device will be constantly available to serve hackers’ needs.

2.  Low Hacking Investments: Unlike hacking a PC, once the hackers see a way to hack a device, the same approach can usually be applied to other devices of the similar models, making a very low per-device hacking cost.

3.  Lack of Supervision: Unlike office PCs, IP surveillance cameras are not well managed by cybersecurity knowledgeable staff. Installing an after-market anti-malware application is not available as well.

4.  High Performance: The idle computing power inside an IP surveillance camera is usually good enough to perform hackers’ specified tasks like cryptocurrency mining, even without being noticed by end users.

5.  High Internet Facing Bandwidth: The always-connect fast and huge bandwidth designed for video communication is the perfect target for hackers to initiate DDoS attacks.

(譯文)

網路監控設備的資訊安全


網路監控攝影機的資訊安全與趨勢科技的Trend Micro IoT Security解決方案

摘要

物聯網裝置的資訊安全是近年來的熱門議題,安全監控網路攝影機也因高運算能力與網路流量而成為駭客攻擊的首要目標。2016年底,駭客利用惡意軟體MiraiLinux裝置發動DDoS攻擊,並產生高達1.2Tbps網路流量。駭客從遠端下達指令,並挾持安全監控網路攝影機進行攻擊。Mirai的原始碼不僅在網路上公開發布,許多Mirai變種程式也紛紛出爐。資訊安全儼然成為安全監控網路攝影機的焦點,許多政府也開始制定法規,以提高資安執行的標準。資訊安全已成為安全監控產業在競爭中勝出的新決定性因素。

攻擊安全監控網路攝影機的動機

今日大部分的攻擊動機都是為了獲取金錢,這也使得安全監控網路攝影機成為主要的攻擊目標,原因如下:

1.   持續連線:在網際網路上的高曝光度意味著駭客可以輕易找到裝置。一旦被駭,裝置就可以持續被駭客用來滿足需求。

2.   攻擊成本低:有別於攻擊電腦,當駭客發現攻擊裝置的方式,就能用同樣的方式攻擊其他相同機種的裝置,因此每台裝置的攻擊成本相當低。

3.   缺乏有效監督:和辦公室電腦不同的是,安全監控網路攝影機通常未由具備資安知識的員工負責管理,而且也無法安裝市面上的防毒軟體。

4.   高效能:安全監控網路攝影機具備高運算能力,足以幫助駭客執行特定任務,例如開採虛擬貨幣,而且通常不會被終端使用者發現。

  1. 高網際網路頻寬:影像通訊需要不中斷、快速且龐大的頻寬,因此是駭客發動DDoS攻擊的絕佳目標。

(原文)

Hacking/Infection Chain

The typical infection chain of IP surveillance cameras consists of the following steps:

1.    Discover Address: Locate the IP address of a potential victim device, mostly done by Internet crawlers. Web services such as “Shodan” can also offer a list of discovered devices.

2.    Gain Access: Use the default password, or the password dictionary to logon the device. Once getting the administrator privilege, hackers can further exploit the system for their malicious actions.

3.    Exploit Vulnerabilities: Look into the system vulnerabilities and take advantages of them. System vulnerabilities are inevitable especially in a quick moving IT world where open source codes are widely used.

4.    Inject Malware: Install the malware into the IP surveillance camera. The malware typically consists of an agent which handles the communication, and the main body which fulfills the main functions designed by the hackers.

5.    Command and Control: Control the victims remotely to enable a specific service function. For example, hackers can initiate a DDoS attack and command all infected devices to target a specific destination.

 (譯文)

攻擊/病毒感染鏈

以下是安全監控網路攝影機遭受攻擊時的感染鏈:

1.     找尋位址:利用網路爬蟲(Crawler)尋找目標裝置的IP位址。ShodanWeb服務也可以提供已知位址裝置的清單。

2.     存取裝置:使用預設密碼或密碼字典登入裝置。一旦取得管理者權限,駭客就能進一步利用系統進行惡意活動。

3.     利用漏洞:找尋並利用系統漏洞。在發展迅速且廣泛使用開放原始碼的IT環境中,系統勢必存在某些漏洞。

4.     注入惡意軟體:在安全監控網路攝影機上安裝惡意軟體。惡意軟體通常包含代理程式與主體,前者負責通訊,後者則執行駭客設計的主要功能。

5.     命令與控制:遠端控制被攻擊的裝置,以執行特定服務或功能。例如,駭客可以發動DDoS攻擊,並命令所有被感染的裝置對特定目標發動攻擊。

(原文) 

Value Proposition of VIVOTEK + Trend Micro

The competition between hackers and device makers mainly relies on the threat knowledge, and the timing to respond to such threat knowledge. VIVOTEK in collaboration with Trend Micro aims to provide threat awareness in no time so that cameras and NVRs can react to a cyber threat one step ahead of hackers. The solution consists of three major parts:

1.   Anti-brute-force login-Attack: A mechanism that detects automated brute-force login behavior. For people who never care to change the default password, or those who use easy-to-guess passwords, their IP surveillance devices are less secured by natural. By blocking suspicious logins, the solution reduces the possibilities of intrusion at the front line.

2.   Intrusion detection and prevention: Powered by Trend Micro’s IoT Reputation Service which is a huge cloud knowledge base that identifies malicious URLs, addresses of potentially infected devices, and malicious servers, VIVOTEK’s IP surveillance devices can detect abnormal behavior inside with machine learning technology. Any connection attempting to the suspicious IP address will be blocked by Trend Micro IoT security solutions within VIVOTEK devices. Modern hackers can change the IP of the attacker devices very frequently, thus catching up with that within minimal time interval is crucial. The Trend Micro IoT Reputation Service cloud is updated every 15 minutes.

3.   Instant damage control: When a system vulnerability is first disclosed in public it is a “race in time” between hackers and device makers. The period between the vulnerability disclosure and the release of the firmware fix usually takes a couple of weeks, which leaves hackers plenty of time to scan and attack vulnerable devices in big volumes. Like regular anti-virus software installed on a PC, the Trend Micro IoT security solution within VIVOTEK devices can update the virus pattern automatically or manually. Through this, devices are still under protection and the risk is minimized before the vulnerability is fixed in the official firmware release. In other words, although the virus might be able to affect the device due to the new disclosed vulnerability, it cannot do any harm due to the latest update of virus pattern. Furthermore, as the world’s no. 1 contributor to the public vulnerability database, Trend Micro can even create attacking pattern of new virus before it is disclosed in many cases, leaving no room for the hackers to take any advantage upon a newly announced vulnerability.

 (譯文)

晶睿通訊與趨勢科技的共同價值主張

駭客與裝置廠商較勁時,主要取決於具備的威脅攻擊知識以及運用這些知識的時機。晶睿通訊與趨勢科技攜手合作,提供即時的威脅情資,讓網路攝影機與網路錄影機在駭客採取行動前搶先應變。此解決方案包含三大要素:

1.   反暴力破解攻擊:自動偵測暴力破解行為的機制。若使用者從不變更預設密碼,或總是使用易被破解的密碼,其裝置安全性相對較薄弱。透過封鎖可疑登入,此解決方案可以在前線降低威脅入侵風險。

2.   入侵偵測與防護:趨勢科技的物聯網信譽評等服務(IoT Reputation Service)是可識別惡意URL、被感染裝置的位址與惡意伺服器的雲端知識庫。透過此服務,晶睿通訊安全監控網路攝影機可以運用機器學習技術偵測內部的異常行為。內建於晶睿通訊網路攝影機內的Trend Micro IoT Security解決方案會封鎖對可疑IP位址的任何連線。由於駭客可能經常改變攻擊裝置的IP,因此在最短時間內抓到IP至關重要。趨勢科技的物聯網信譽評等雲端服務每15分鐘就會更新一次。

3.   即時控管傷害:當系統漏洞首度被揭露,裝置商不僅得與駭客較勁,也得與時間賽跑。從漏洞被揭露到韌體修補程式發布通常需要好幾個禮拜的時間,這使得駭客有充足時間搜尋與攻擊大量裝置。如同安裝於電腦上的防毒軟體,內建於晶睿通訊網路攝影機的Trend Micro IoT Security解決方案可以自動或手動更新病毒碼,因此在官方發布韌體修補程式前,裝置仍會受到保護,進而將風險降到最低。換句話說,儘管病毒可能會透過新發現的漏洞攻擊機器,但裝置仍可因最新的病毒碼而受到保護。趨勢科技是公開漏洞資料庫的主要貢獻者,因此能在新病毒被發現前建立攻擊模式,讓駭客毫無機會利用新漏洞進行攻擊。

(原文) 

Conclusion

As the concern for cybersecurity is growing due to the damage caused by cyber attack in the past years, the IP surveillance industry started to pay attention to this topic since IP cameras and NVRs have become the perfect targets for hackers. VIVOTEK is the first IP surveillance manufacturer in the market to provide anti-intrusion software within network cameras and NVRs. Powered by the renowned cybersecurity solution company Trend Micro, VIVOTEK IP devices can now detect and block the brute force login attack or any abnormal activities inside. In addition, through the automatic update of virus pattern, the risk of new vulnerabilities can be significantly reduced in no time.

 (譯文) 

結語

有鑑於近年來網路攻擊造成的嚴重損害,人們對資訊安全日趨重視。由於網路攝影機與網路錄影機已成為駭客攻擊的主要目標,因此IP監控產業也開始正視這個議題。晶睿通訊是第一家在網路攝影機與網路錄影機中提供防入侵軟體的IP監控設備廠商。晶睿通訊的網路裝置採用資安大廠趨勢科技的解決方案,能偵測與封鎖暴力破解攻擊或內部的異常活動。透過自動更新病毒碼,晶睿通訊設備可以即時降低新漏洞風險。

原始連結(英文)

原始連結(中文)