Recently, the Vectra Networks researchers carried outan experimentin which they transformed aD-Link DCS 930L webcaminto a backdoor machine.
This process revealed a u-boot and a Linux kernel and image.
The webcam was working as usual while hiding the hack.
Vectra also installed code to stop web link administrators making any firmware updates that would remove the backdoor.
While the research was conducted using a D-Link equipment, Ollmann said other Web-based cameras possess similar design vulnerabilities.
The design of many mass-produced consumer-level electronics is very similar.
The biggest downside for attackers is the lack of persistent storage in devices like webcams, wrote the researchers.
Instead, they use NVRAM to store configuration and the flash ROM to store the running code.
While scary, the latter kind of attack is largely stunt hacking, he said.
In early December last year, Vectras researchers had disclosed the vulnerability to D-Link.
source: www.techworm.net
