A botnet is currently threatening hundreds of thousands of connected objects. It exploits a dozen security vulnerabilities identified in a Realtek development kit used by routers, Wi-Fi repeaters and surveillance cameras. Once exploited, these vulnerabilities allow attackers to take remote control of the devices.
While a flaw that made it possible to spy on millions of users of cameras and baby monitors was recently spotted, it is now the turn of a botnet to threaten thousands of connected objects around the world. As IoT Inspector's IT security researchers explain, this botnet exploits a dozen security vulnerabilities present in a development kit from Realtek.
The problem is that this SDK is used by thousands of connected objects. More precisely, no fewer than 200 devices made by more than 65 manufacturers, such as Asus, Belkin, D-Link, Netgear and ZTE, are affected by these critical vulnerabilities. The most dangerous of these, listed as CVE-2021-35395, has a severity rating of 9.8 out of 10.
It affects many connected wireless devices, such as routers, Wi-Fi repeaters and surveillance cameras, not to mention bulbs and lights as well as connected toys. According to IoT Inspector experts, this flaw is found in the management web interface. In other words, attackers can gain remote access to unpatched devices, execute arbitrary code on them and take control of them.
Exploitation attempts already spotted in the wild
After the researchers shared their discovery with Realtek, the company quickly released a corrected version of the SDK on August 13, 2021. However, publishing a patch is not enough to solve the problem. The manufacturers of the various affected devices must in turn deploy the patch on their respective products, a process that can unfortunately take a long time.
The attackers know this very well and quickly went on the offensive. According to the network security company SAM Seamless Network, a botnet has already started to search for unprotected devices affected by this vulnerability. "As of August 18, we have identified attempts to exploit CVE-2021-35395 in the wild", SAM Seamless Network assured in a report released last week. All that remains is to cross your fingers that the various manufacturers concerned deploy the Realtek patch on their devices as quickly as possible.
Source: Bleeping Computer