Hello, welcome to the Monday, August 10th, 2020 edition of the Sanctur Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

And this weekend, DefCon, of course, happened remotely as everything these days.

And one of the big topics, again, IoT and cameras. Now,

Guy also took a look at his honeypot and saw exploitation attempts against some older vulnerabilities

from 2017, actually, against wireless IP Wi-Fi cam cameras. This is a generic type that's

being produced and marketed under 1,250 different brand names and models. So essentially

the same camera shows up in different housings and under different names,

making it pretty difficult to identify if your camera is vulnerable. The exploit as often for

these type of systems is pretty straightforward. Just a simple get request with the right parameters, allow you to execute arbitrary code.

Now, the one type of attack that Guy was sort of zooming in on here is those that establish backdoors with Netcat.

Essentially, they are setting up Netcat in order to then connect back to the source of the attack and expose

a shell.

Very simple, very straightforward attack and of course a bit more robust the sense that

the attacker doesn't actually need to prude force a password in this way.

They just get a shell back and then of course can do whatever they need to do using that shell using a follow-up attack.

And today, of course, we'll be a little bit DefCon heavy, and we have a second story here coming from Checkpoint.

It was actually pre-announced on Thursday and it's about vulnerabilities that checkpoint

discovered in Qualcomm's Snapdragon.

If you have an Android phone, it's very likely that one of these Snapdragon chips is powering

your phone.

They're often referred to as a DSP or digital signal processor because it does a lot more than really just a CPU.

...