Search This Blog

Showing posts with label Internet of Things. Show all posts

IoT (Internet of Things) : taking the world by storm

IoT or Internet of things refers to billions of devices and machines in the world connected to the internet, sharing and collecting data.


Now, with the advancement in computing and wireless technology even something as small as a pill or as big as an aeroplane can become a part of IoT. Any device or machine that can be transformed into an IoT device is connected to the internet to communicate and transfer data and perform  functions without human involvement.

According to Gartner, a research and advisory company around 21 billion "connected things" right at this moment are working collecting data and performing tasks. They predict that by the end of 2020, the IoT market will grow 21% with 5.8 billion endpoints.

"Electricity smart metering, both residential and commercial will boost the adoption of IoT among utilities,” said Peter Middleton, senior research director at Gartner. “Physical security, where building intruder detection and indoor surveillance use cases will drive volume, will be the second-largest user of IoT endpoints in 2020.”

 Be it consumer devices, smart devices, the medical sector, government, industrial sector like automobiles, productions nearly every enterprise use IoT devices in some form.

 he utility of IoT devices is realized in this COVID-19 era where the ability to remote control devices and perform works is a great help. These millions of IoT endpoints are bridging the gap between the digital and physical worlds.

Mobilizing the World

The best example of IoT's value is the 'Medical Sector' like Kinsa's connected thermometer which sends the data to the company who uses it to flag possible COVID-19 outbreaks.

 79 percent of healthcare providers with over $100 million revenue put IoT devices in production. Gartner also predicts a 13-percent rise in medical IoT spending for the next fiscal year.

 As great are the benefits of Iot, the risks are ever-increasing. There are security risks as connecting to internet invites attack vendors that offline machines never face. Installing IoT devices are a great feat in itself with proper procurement, deployment, security, and monitoring.

But the rewards of IoT surpass the risk, they increase efficiency, provides a cutting edge technology, and most importantly the invaluable data. Ofcourse, one needs the right analytics tools and strategy that imputes building a whole analytics team and department. Experts do say, you would definitely fail in your first attempt but learn from the mistakes and get it right the next time

Three Botnets Abuse Zero-Day Vulnerabilities in LILIN's DVRs!


Not of late, LILIN recorders were found to be vulnerable. Reportedly, botnet operators were behind the zero-day vulnerabilities that were exploited in the Digital Video Recorders (DVRs ) that the vendor is well known for.

Sources mention that the exploitation of the zero-day vulnerabilities had been a continuous thing for almost half a year and the vendor was unaware. Nevertheless, they rolled out a patch in February 2020.

Digital Video Recorders are electronic devices that collect video feeds from local CCTV/IP cameras systems and store them on different mass storage devices like SD cards, USB flash drives, disk drives, etc.

DVRs are a huge deal today given they are a major element for the security cameras that are used almost everywhere in these times.

With CCTV cameras raging, attacks especially designed for them have also risen equally. Malware botnets and other hacker operations have been targeting these widely used DVRs for quite some time now.

Per sources, the non-revised and out of date firmware stands to be the reason for these devices being hacked. Especially, the DVRs with default credentials are exploited to kick off DDoS and other IoT attacks.
Sources mention that security researchers found LILIN’s DVRs too were being exploited for almost half a year, since August last year by three botnets.


The vulnerability in the “NTPUpdate”, sources mention, allows attackers to inject and control the system’s commands. Via one of the ‘hardcoded credentials’ (root/icatch99 & report/8Jg0SR8K50) the attacker stands a chance to retrieve and alter a DVR’s config file, and later control commands on the device after the File Transfer Protocol (FTP) server configuration is regularly matched.

Per sources, the first botnet behind the zero-day vulnerability was the “Chalubo botnet” with a motive of exploiting the NTPUdate of the LILIN DVRs. The other two were employed by the “FBot botnet”

Reportedly, a couple of weeks after the previous attacks of the FBot, the Moobot botnet also tried its luck and succeeded on the second zero-day vulnerability.

There is no knowing as to what the exact motive was behind hacking the LILIN DVRs. Nevertheless, there has been a history of DDoS attacks, re-routing traffic, and proxy networks.

As it happens there are, per sources, over 5,000 LILIN DVRs that exist today thus making it quite a hefty task to update all of them immediately. But it’s a relief to know that the first step has been taken. There’s not much to worry about now given LILIN has released a firmware update along with solutions for mitigation.