Recently, US network security company Palo Alto Networks released a report saying that there is a serious security flaw in the firmware of Japanese smart portable solar panel manufacturer Contec, which can be used by hackers for cyber attacks.
Recently, US network security company Palo Alto Networks released a report saying that there is a serious security flaw in the firmware of Japanese smart solar panel manufacturer Contec, which can be used by hackers for cyber attacks.
The vulnerability, along with more than 20 others, forms a variant of the Mirai botnet described by the Pato Network. After the malware runs, the botnet's client will listen to tun0 and output to the control interface. Hackers have the ability to take complete control of infected devices and integrate those devices into a botnet. These devices will then be used to perform other attacks, including distributed denial of service (DDoS) attacks.
The malware also includes a feature that ensures that only one instance of the malware is running on the same device, and if a botnet process already exists, the botnet client will terminate the currently running process and start a new one. However, in the analysis, the staff found that this Mirai sample does not contain the ability to brute-force telnet/SSH login credentials and exploit the vulnerability, so the only way to spread this variant is for botnet operators to manually attempt to exploit the vulnerability.
According to Contec's website, the panels have been installed in about 30,000 locations. The panels are part of Contec's SolarView system, which enables active monitoring of solar power plants, so each solar panel is effectively an iot device. In addition to Contec, according to the report of Pateto Network, other manufacturers such as TP-Link, Netgear, Mediatek, Tenda, etc., some of their Internet of Things devices are also involved in this vulnerability, including routers, closed-circuit television cameras, solar power panels and other types of Internet of Things devices have security risks.
The Mirai botnet was first discovered in 2016, and thanks to the rise of Internet of Things (iot) devices, the network has full potential for disruption, and it shows no signs of slowing down. Pato Networks' view is that the low complexity and high impact nature of these remote code execution vulnerabilities for iot devices makes them vulnerable to hackers, making it an urgent task to protect iot devices from such threats. However, due to the low frequency of firmware update of Internet of Things devices, and the low willingness of users to actively update, many devices may still be running old firmware from many years ago, which will further increase the risk of Internet of Things devices encountering network attacks, it is recommended that users apply the latest patches and updates as much as possible.
