How would I know if my webcam had been infected by malware?
October 23, 2016 6:59 AM Subscribe
The news stories on Friday's attack on Dyn noted that devices from the "internet of things" has been infected by malware which was conscripting them to send requests to the DNS. Is there anyway I could know if devices which I own were infected? If they were is there anything I could do about it?
Go here: http://iotscanner.bullguard.com
posted by ajackson at 8:43 AM on October 23, 2016 [5 favorites]
posted by ajackson at 8:43 AM on October 23, 2016 [5 favorites]
Unless the manufacturer or a third party has built a scanner of some sort it'd quite hard. Look to see if there's an upgrade or re-install the software. Then look at all the security options to have the camera as restricted as possible.
posted by sammyo at 9:15 AM on October 23, 2016
posted by sammyo at 9:15 AM on October 23, 2016
ajackson's link to a Shodan search tool is good, but it might report false positives. (I'm flagged because I'm running a public web server; I do that on purpose.)
The way I checked my own network was to look at my router's bandwidth graph. An unusual amount of large outbound traffic would be a sign you were part of a botnet. Your ISP may also give you information on data usage. Again it's outbound data (uploads) to look for; not inbound data (downloads). Some outbound data is reasonable, like cloud backups and the like. But if you have a huge amount that's an indicator of a potential problem.
Reports are that Mirai's malware is not persistent, so if you reboot your device it will be fixed. Until the next time it's attacked, that is.
Long term I think the solution is for home routers to get smarter, to act more like firewalls and malware scanners for outbound traffic as well as inbound traffic. But that requires secure routers with sophisticated software, which is a very difficult task to do at consumer scale.
posted by Nelson at 9:20 AM on October 23, 2016 [3 favorites]
The way I checked my own network was to look at my router's bandwidth graph. An unusual amount of large outbound traffic would be a sign you were part of a botnet. Your ISP may also give you information on data usage. Again it's outbound data (uploads) to look for; not inbound data (downloads). Some outbound data is reasonable, like cloud backups and the like. But if you have a huge amount that's an indicator of a potential problem.
Reports are that Mirai's malware is not persistent, so if you reboot your device it will be fixed. Until the next time it's attacked, that is.
Long term I think the solution is for home routers to get smarter, to act more like firewalls and malware scanners for outbound traffic as well as inbound traffic. But that requires secure routers with sophisticated software, which is a very difficult task to do at consumer scale.
posted by Nelson at 9:20 AM on October 23, 2016 [3 favorites]
Response by poster: Thanks. My question was really more general, I don't have any specific devices (right now) that I'm worried about.
posted by gteffertz at 2:20 PM on October 23, 2016
posted by gteffertz at 2:20 PM on October 23, 2016
I block the webcam on my laptop with tape specifically to avoid anyone accessing it and seeing throughout without me knowing it. When hackers do this, it's called "ratting" (Remote Access Trojan) because they take control of your computer. Most likely this wouldn't come from an attack like the Dyn thing - it would happen because you downloaded something you shouldn't have. So, it's less of a "hack" and more you falling for a trick.
posted by AppleTurnover at 8:14 PM on October 23, 2016 [1 favorite]
posted by AppleTurnover at 8:14 PM on October 23, 2016 [1 favorite]
Krebs on Security has some technical details about Mirai.
Infected systems can be cleaned up by simply rebooting them — thus wiping the malicious code from memory. But experts say there is so much constant scanning going on for vulnerable systems that vulnerable IoT devices can be re-infected within minutes of a reboot. Only changing the default password protects them from rapidly being reinfected on reboot.posted by Western Infidels at 8:21 PM on October 24, 2016
This thread is closed to new comments.
the issue here is with security and child monitor cameras that you can watch from anywhere (sorry if this is obvious).
for those, the most certain way to avoid abuse is to simply turn them off or (more complex) restrict their access to your own private network. if you don't want to do that then, at least, go into the settings and change the password from the default.
posted by andrewcooke at 7:26 AM on October 23, 2016