Hikvision DVRs Prove a Hotbed for Mediocre Bitcoin Miners

As yet another odd appliance under the net of the Internet of Things falls to an unnamed group of attackers based out of the Philippines, one has to wonder if hooking up our toasters to a never-ending source of malware is really the best idea we’ve had since the sliced bread they were originally designed to burn just right.

If anything, it seems the standard school of thought these days is that if it has a processor, you can bet there’s someone out there trying to find a way to turn it into a Bitcoin mining machine with whatever CPU it’s got left to spare on the side.

Found by members of the team on the netsec training ground at the SANS Institute, the backdoor Bitcoin burglar currently only affects one specific model of DVR, the EPCOM Hikvision S04, which generates the lion’s share of their income in countries like Brazil and Argentina.

Where things become especially interesting is that the result shown by researchers was achieved on a system that has absolutely no stock method for downloading software or files from the internet directly.

To work around the issue, the hackers hauled over a personalized Wget command through Unix, basically tricking the DVR into downloading the mining program from a designated server, which has since gone offline after SANS published their findings today.


“Throughout the day, the server periodically pushes parameters to the miner, but I haven’t seen the miner return anything yet, which probably underscores the fact that these miners are pretty useless due to their weak CPUs,” Ullrich wrote. “The DVR did get infected multiple times, but none of the attackers changed the default password, or removed prior bitcoin miners.”

As you can already assume from the headline, the DVR is not exactly known for its raw, unbridled horsepower among the various gadgets available in any given living room. This means that thousands of machines would need to be operating at once, all belonging to a single person, to come anywhere near the realm of financial feasibility, which disqualifies it from the roster of highly lucrative botnets designed to steal processing power out of high-end desktops dotted across the global landscape.

While Cisco’s chief has quite optimistically pegged the IoT market to explode to over $19 billion by 2018, companies like Samsung and Nest continue to pump out products that aren’t anywhere near ready to be attached to a network which is downright notorious for causing computers to go completely haywire if someone accidentally opens the wrong email for more than half a second at a time.

The fear of that type of control being handed over to the open web just doesn’t seem like something that could be feasibly executed at this point without some serious security breaches overshadowing the effectiveness of having the appliances hooked up in the first place.

As far as we know, only one fridge from Kenmore has actually been hacked thus far, and hopefully Google will be able to throw their collective might behind the effort to keep their new Nest acquisition secure from attackers waiting just on the other side of the side yard sensor line.

These road bumps are just a few examples of the precarious line.