Robert Graham, CEO of Errata Security, on Friday documented his experience setting up a $55 JideTech security camera behind a Raspberry Pi router configured to isolate the camera from his home network.
According to Graham’s series of Twitter posts, his camera was taken over by the Mirai botnet in just 98 seconds. Note: it was infected by another botnet first and then after 98 seconds by Mirai
Mirai conducts a brute force password attack via telnet using 61 default credentials to gain access to the DVR software in video cameras and to other devices such as routers and CCTV cameras.
After the first stage of Mirai loads, “it then connects out to download the full virus,” Graham said in a Twitter post. “Once it downloads that, it runs it and starts spewing out SYN packets at a high rate of speed, looking for new victims.”
Graham said the defense recommended by the Christian Science Monitor – changing the default password of devices before connecting them to the Internet – doesn’t help because his Mirai-infected camera has a telnet password that cannot be changed.
“The correct mitigation is ‘put these devices behind your firewall’,” Graham said.