Forgot your password?
typodupeerror
Security Bitcoin

DVRs Used To Attack Synology Disk Stations and Mine Bitcoin 75

Posted by Unknown Lamer
from the dvr-burned-the-house-down dept.
UnderAttack (311872) writes "The SANS Internet Storm Center got an interesting story about how some of the devices scanning its honeypot turned out to be infected DVRs. These DVRs are commonly used to record footage from security cameras, and likely got infected themselves due to weak default passwords (12345). Now they are being turned into bots (but weren't they bots before that?) and are used to scan for Synology Disk Stations who are vulnerable. In addition, these DVRs now also run a copy of a bitcoin miner. Interestingly, all of this malware is compiled for ARM CPUs, so this is not a case of standard x86 exploits that happen to hit an embedded system/device."
This discussion has been archived. No new comments can be posted.

DVRs Used To Attack Synology Disk Stations and Mine Bitcoin

Comments Filter:
  • by TWX (665546) on Tuesday April 01, 2014 @12:05AM (#46627955)
    ...by this?

    I'm more surprised that we haven't seen reports of infected DVD and Blu-ray players whose only purpose is to seek out more powerful devices (PCs, smartphones) on peoples' networks to compromise and turn into bitcoin zombies. After all, it only takes a few people to come up with the exploits in the first place, and then 5kr1p7 k1dd13s can use the tools others have created.
  • by fuzzyfuzzyfungus (1223518) on Tuesday April 01, 2014 @02:42AM (#46628379) Journal

    ...by this? I'm more surprised that we haven't seen reports of infected DVD and Blu-ray players whose only purpose is to seek out more powerful devices (PCs, smartphones) on peoples' networks to compromise and turn into bitcoin zombies. After all, it only takes a few people to come up with the exploits in the first place, and then 5kr1p7 k1dd13s can use the tools others have created.

    The main surprise is just that it's worth the trouble. Synology's high end has a few systems built around notably undistinguished Xeons(more for ECC support than anything else, they don't use very speedy ones); but if this attack is built for ARM, you are talking the relative cheap seats. Probably kilohashes to low megahashes per second, depending on how much capacity you reserve for the intended function of the device.

    Even free-as-in-stolen, you're telling me that the best use somebody can think of for a botnet of network attached storage devices is generating maybe as many hashes as one of those cheapo USB-stick ASICs, rather than, say, basking in juicy private data and massive stolen storage space?

  • by fuzzyfuzzyfungus (1223518) on Tuesday April 01, 2014 @03:11AM (#46628443) Journal
    If memory serves, most of Synology's non-intel NASes are Marvell based. Marvell's fastest device, in terms of general compute, is the MV78460. 4 cores, ARMv7, up to 1.6GHz. As documented here [synology.com] most Synology NASes ship with something slower than that.

    For reference, a 1.6GHz 'Kirkwood' Marvell core is good for slightly under .2 meghashes/s. About half as fast as an Atom CPU, less than 1/4000th as fast as an AMD7970, and just plain embarassing compared to the ASICs that do most of the work these days. With devices that run on USB power alone pulling north of 1gighash/s, you could probably own every Synology ARM NAS in the first world and barely pay yourself for your time.

You will be successful in your work.

Working...