Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mirai, a family of malware that wrangles infected Internet of Things devices into large networks for use in attacks that take down websites and other Internet-connected devices. The vulnerability affects the AVM1203 surveillance device from Taiwan-based manufacturer AVTECH, according to network security provider Akamai.
The zero-day vulnerability, tracked as CVE-2024-7029, has been known since at least 2019 when exploit code became public. However, unknown attackers have been exploiting it since March, allowing them to install a variant of Mirai and potentially compromise video feeds or use the infected cameras for other purposes.
Akamai detected the activity using a “honeypot” of devices that mimic the cameras on the open Internet to observe any attacks that target them. The technique doesn’t allow researchers to measure the botnet’s size, but it has allowed Akamai to capture the code used to compromise the devices.
The US Cybersecurity and Infrastructure Security Agency warned of the vulnerability earlier this month. As the camera model is no longer supported, the best course of action for anyone using one is to replace it. It is crucial to never make IoT devices accessible using default credentials that shipped with them.
Source: https://arstechnica.com/security/2024/08/unpatchable-0-day-in-surveillance-cam-is-being-exploited-to-install-mirai/