IoT devices can be used as persistent backdoors to any LAN

Jan 13, 2016 10:56 GMT

Security researchers have transformed a D-Link DCS 930L Web camera into a backdoored spying device capable of lurking on the local network of its victims without leaving a clue as to its presence.

In an experiment, researchers from Vectra Networks crafted a malicious firmware image that included a reverse proxy, allowing a remote attacker to connect to the camera.

While malware that targets IoT devices is usually lost when the device reboots, placing the backdoor in the camera's firmware ensures it persists even if the power goes out or the user manually restarts the device.

The researchers also found out that they could optionally remove the firmware reflash feature, preventing the camera's owners from installing firmware updates.

The true dangers of hackable IoT devices

All of this was done on a $30 camera broken down on the researchers' desk, but this theoretically can be done from afar as well. We have reported many times on the vulnerabilities of IoT devices that allow remote firmware updates. Even as we speak, researchers from eMaze have found a similar bug in another Web camera, unrelated to Vectra Networks' research, meaning the problem of remote firmware updates is more common than you might think.

While spying on victims may also be a possibility, hacking into webcams has other advantages. Having a persistent backdoor into enclosed networks via a Web camera is more convenient because security staff tend to focus their efforts on servers and workstations.

While the webcam is technically limited when it comes to hardware and software possibilities, researchers say that its true role is as an entry point for future attacks, and not as the attack's main weapon.

As Vectra researchers conclude, any webcam or IoT device should be viewed as a potential relay point for attacks, and not just as a dumb DDoS bot.