P2P Weakness Exposes Millions of IoT Devices
A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.
The security flaws involve iLnkP2P, software developed by China-based Shenzhen Yunni Technology. iLnkP2p is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders.
iLnkP2P is designed to allow users of these devices to quickly and easily access them remotely from anywhere in the world, without having to tinker with one's firewall: Users simply download a mobile app, scan a barcode or enter the six-digit ID stamped onto the bottom of the device, and the P2P software handles the rest.
But according to an in-depth analysis shared with KrebsOnSecurity by security researcher Paul Marrapese, iLnkP2P devices offer no authentication or encryption and can be easily enumerated, allowing potential attackers to establish a direct connection to these devices while bypassing any firewall restrictions.
Related Stories
Million+ IoT Radios Open to Hijack via Telnet Backdoor:
Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.
Imperial Dabman IoT radios have a weak password vulnerability that could allow a remote attacker to achieve root access to the gadgets’ embedded Linux BusyBox operating system, gaining control over the device. Adversaries can deliver malware, add a compromised radio to a botnet, send custom audio streams to the device, listen to all station messages as well as uncover the Wi-Fi password for any network the radio is connected to.
The issue (CVE-2019-13473) exists in an always-on, undocumented Telnet service (Telnetd) that connects to Port 23 of the radio. The Telnetd service uses weak passwords with hardcoded credentials, which can be cracked using simple brute-forcing tactics. From there, an attacker can gain unauthorized access to the radio and its OS.
In testing, researchers said that the password compromise took only about 10 minutes using an automated "ncrack" script – perhaps because the hardcoded password was simply, "password."[sic - I suspect the '.' wasn't part of it, -- Ed.]
After logging onto the device, researchers were able to access the "etc" path with root privileges to request various file contents, including the full system password shadow file, the group password shadow file, the USB password and the httpd service password containing the "wifi cfg" file with unencrypted information on the wireless LAN key.
(Score: 4, Insightful) by nobu_the_bard on Friday April 26 2019, @09:27PM
Might as well just pin this story to the top with a madlibs blank for the brand name and device type to cover all our bases, maybe a script to randomize the sentence order a little.
(Score: 2, Funny) by Anonymous Coward on Friday April 26 2019, @09:27PM
Asking for a friend.
(Score: 4, Funny) by Bot on Friday April 26 2019, @09:40PM
Working as intended.
Account abandoned.
(Score: 4, Insightful) by Azuma Hazuki on Friday April 26 2019, @10:45PM (3 children)
In 1984, the telescreens had to be installed by the government. Not even Orwell ever imagined people would buy them voluntarily.
I am "that girl" your mother warned you about...
(Score: 2) by Pslytely Psycho on Saturday April 27 2019, @12:19AM (2 children)
1984 was supposed to be a warning.
NOT an instruction manual.....
Alex Jones lawyer inspires new TV series: CSI Moron Division.
(Score: 2) by https on Saturday April 27 2019, @03:31AM (1 child)
I really don't understand. The book has, since publication day one, explicitly included a manual. Does Cliff's Notes omit this extremely important fact?
Offended and laughing about it.
(Score: 2) by Pslytely Psycho on Saturday April 27 2019, @05:27AM
Wouldn't know about a Cliff Note, remember hearing of them when i was a kid, never actually saw one.
But yes, I have read the appendix you refer to,"The Principles of Newspeak." but I never thought of it as a how to manual.
Haven't read that part in a good many decades, perhaps time for a re-read as an adult.
It was the driest part of the book as I recall, detailing the eventual fall as Newspeak failed due to it's own limitations? (question mark as I don't recall that part in any great detail and I'm far too lazy to reread it before replying)
I still think of it as a warning against authoritarianism.
And anyway, Idiocracy seems to of been more accurate....(:
Alex Jones lawyer inspires new TV series: CSI Moron Division.
(Score: 0) by Anonymous Coward on Friday April 26 2019, @10:46PM (1 child)
backdoor
(Score: 2, Insightful) by Anonymous Coward on Friday April 26 2019, @11:03PM
In this case it is a front door.