AV Security Concerns
In this article, our objective is to focus on the security of AV devices. However, we will take an indirect approach to this topic. First, we’ll discuss an internet protocol and service that is absolutely critical to the proper function of almost all IP networks. It is especially critical to the use and function of the Internet. Then, we’ll turn our attention to the attack that denied the use of that resource for a period of time. Lastly, we’ll explain how AV devices played a critical part in the attack.
Domain Name Services (DNS) is vital to the operation of almost all IP networks. The only exception would be small isolated networks with a few devices that have no connection to other company networks or to the Internet. DNS capability is dependent on systems and devices across the globe. It is a stored, distributed database of names that maps those names to specific IP addresses. For example, we understand that the address 126.96.36.199 is related to Google because DNS has the network address for the server in its database. Now, how is this distributed database critical to each of us? When we go onto the web and click on an icon or type a name such as matrox.com into a browser address field, we ask for a resource from a server. However, we don’t need the address of that server because DNS tells our browser it is at 188.8.131.52. Most people are surprised to learn that when you visit a typical home page of a company or college, your browser sends 12-18 DNS queries to obtain all of the resource files necessary to build that page for you. In other words, take away the DNS capability and you can’t browse or get resources from the Internet. Think about the impact of this function on customers who are looking at your company’s web site for products or services.
Now, let’s turn our attention to an attack on DNS that was very disruptive. On October 16, 2016, a denial of service attack was launched on DYN, a major DNS service provider. This disruption caused many web sites to be nearly inaccessible for over two hours. Some of the companies affected included Fox News, Amazon, and Paypal. After a few hours, the attack was blocked, but it repeated two more times during the day.
Now let’s answer a multiple choice question. The attack was primarily launched by:
- a clandestine, nation-sponsored group from the Pacific rim, probably North Korea.
- disgruntled computer science students.
- compromising a large number of cameras and other embedded system devices.
- a former employee of Paypal.
- compromising a major retailer’s payment server.
The answer is C. Some reports indicate that the botnet of cameras and devices may have exceeded 100,000. That is, the attack was launched because someone had control of this vast number of devices and could issue the attack command. Here’s the really scary part. The attack, named Mirai, was based on compromising the attack devices using a list of 60 common username/password combinations set as factory defaults. The passwords were never changed by the users and this made the devices vulnerable to the Mirai control server. The AV industry must stop shipping devices with default authentication combinations like admin/blank.
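As an added example (not code from the original article), here is a small credential audit an AV site administrator might run over a device inventory to catch exactly the condition the attack exploited: devices still on factory-default username/password pairs, especially ones reachable from outside the LAN. The default-pair list and the inventory are constructed samples for illustration, not the attack's real 60-entry list.

```python
"""Audit AV/IoT device credentials against factory-default pairs."""
from dataclasses import dataclass

# Constructed sample of common factory-default pairs (illustrative only;
# this is NOT the real list used by the attack described above).
FACTORY_DEFAULTS = {
    ("admin", ""),
    ("admin", "admin"),
    ("root", "root"),
    ("user", "user"),
}


@dataclass
class Device:
    name: str
    username: str
    password: str
    remote_access: bool  # telnet/SSH/web management reachable beyond the LAN


def credential_findings(dev: Device) -> list[str]:
    """Return a list of policy violations for one device (empty if clean)."""
    findings = []
    if (dev.username, dev.password) in FACTORY_DEFAULTS:
        findings.append("factory-default credentials")
    if dev.password == "":
        findings.append("blank password")
    elif dev.password.lower() == dev.username.lower():
        findings.append("password equals username")
    elif len(dev.password) < 12:
        findings.append("password shorter than 12 characters")
    # A weak credential on an externally reachable device is the combination
    # that lets a botnet enrol it, so flag it separately.
    if findings and dev.remote_access:
        findings.append("weak credentials exposed to remote access")
    return findings


def audit(devices: list[Device]) -> dict[str, list[str]]:
    """Map each non-compliant device name to its findings."""
    return {d.name: credential_findings(d) for d in devices if credential_findings(d)}


# Constructed inventory for demonstration.
SAMPLE_INVENTORY = [
    Device("lobby-cam-01", "admin", "", True),
    Device("conf-room-matrix", "admin", "admin", False),
    Device("rack-encoder", "avops", "Xk7#pLq2!vR9mT", True),
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {', '.join(issues)}")
```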
Source: AV Security Concerns