By Praveen Kannan and Anna Strokolyst The Hotspot Shield team believes the internet should be open and secure …
Cybercriminals have recently taken a fresh approach at hacking into user devices, branching out into the Internet of Things to attack security cameras. Although the implications are disturbing, this first attack turned out to be a fairly harmless and largely ineffective attempt to mine bitcoins.
What is Bitcoin Mining?
Bitcoins are a popular form of digital currency widely used among criminals, digital and otherwise. While there’s nothing illegal about the bitcoins themselves, their very nature draws an unsavory audience. Bitcoins are virtually untraceable, making them a preferred method of payment for many illegal activities. Even though the FBI shut down the Silk Road, which was an online marketplace for illegal drugs that was operating on bitcoins, hackers nonetheless often use this currency to collect payment for their services.
Bitcoins can be exchanged between users who already have accumulated the currency, but they can also be mined, which is an alluring prospect for individuals looking to make a quick bit of cash. To mine bitcoins, users essentially contribute processing power to the endless activity of verifying bitcoin transactions. Running the right software doesn’t guarantee a payback, however, as the software is essentially whizzing through potential combinations to unlock hidden jackpots of bitcoins.
How Security Cameras Became Involved
Johannes Ullrich of the SANS Technology Institute discovered that a new form of malware that is infecting digital video recorders used for security. The malware is unique, because it’s actually designed to run on an ARM infrastructure. Where most types of malware are written for Windows or Linux machines, this one was clearly created to go right past that and target a different type of machine altogether. This is a natural side effect of the continuously expanding Internet of Things, in which even everyday objects are a part of the interconnected infrastructure of the Internet.
What the Malware Does
Fortunately for anyone infected by this malware, it is a relatively harmless bug. The malware performs two basic actions: It searches for other machines that it can infect on the network, and it settles in to try to mine some bitcoins.
As for infecting other machines, the malware is relatively potent. Though unconfirmed, it’s expected that the malware infects new systems by accessing default usernames and passwords. This particular program targets Hikvision devices, which come with a predictable default username and a root password that’s pathetically easy to hack (12345). The real weakness in the security system is that few users think to change this password, leaving the digital video recorder wide open to an attack.
The DVRs aren’t the only machines susceptible to this virus, either. Ullrich also posted an update indicating that the malware was found on a router as well. In today’s interconnected Internet of Things, this type of malware could end up with an extensive reach.
Seeking Bitcoin Success
While the premise behind the malware is unique and startlingly dangerous, this particular piece of code performs only one malicious act beyond spreading its grasp. As a tool to mine bitcoins, the malware is pathetically ineffective. The weak ARM chip is a relatively low-powered processor, making it one of the worst possible choices for bitcoin mining. Though the cybercriminals seemed to know exactly what they were doing when they wrote code to attack ARM systems, they apparently didn’t consider the effectiveness of said system for bitcoin mining.
The effort is so laughable that tech professionals have taken to Twitter mocking the malware. The co-founder and chief technology officer of Veracode, a code review firm, even said that the malware is essentially “just wasting electricity.”
Similar Bitcoin Attempts
This isn’t the first time that hackers have tried to use unusual devices to mine bitcoins. In early 2014, another bit of malware was found infecting Android phones. The malware would drain the phone’s battery significantly while using its processor to mine for bitcoins. This, too, was a largely ineffective attempt to cash in on bitcoins, though it created a big problem for Android users. One researcher installed the malware on his phone to analyze its effects and found that after four hours of mining, which exhausted the phone’s battery, the malware mined less than a penny.
Though these programs don’t earn their keep on a single machine, perhaps the developers were hoping to cash in on scale rather than power. If left untended, the malware could potentially spread unchecked, adding an untold number of weak systems to the effort which may begin to see a small amount of success if the net was cast large enough.
The Implications of ARM Malware
More disturbing than the growing trend of hacking new devices for bitcoin mining is the implication that this type of malware carries. Fortunately, this particular program was designed only to seek out virtual currency. It could, however, have easily been used to spy on anyone within the security camera’s view. Until now, ARM devices have been largely overlooked as a potential weak spot in a system’s architecture, with the greatest focus going to susceptible Windows and Linux machines.
While these cybercriminals were ineffective in their attempt to cash in, there’s no telling what they might have achieved had they used the malware for a different purpose and hijacked the security footage instead of the camera’s processing power. This attack shines a bright light on a new weak spot that almost every technology user should be aware of.
Protecting the Internet of Things
This isn’t the first time that someone has realized that we need to pay close attention to the Internet of Things, but perhaps it will add fuel to the fire to increase efforts to keep connected devices safe. Internet routers, IP phones, video consoles, and all manner of household devices that connect to the Internet, from smart fridges to app-controlled thermostats, could have weaknesses just waiting for hackers to exploit them. The underlying issue behind this attack isn’t a matter of protecting oneself from bitcoin miners, but a matter of protecting all connected devices from attacks.
As the Internet of Things grows, cybercriminals undoubtedly will find new ways to exploit it. Informed consumers need to do what they can to stay ahead of the trend.