Last week, security researchers reported a critical Realtek hardware vulnerability. Since then, four related vulnerabilities have been identified. Experts suggest the impact may reach upward of one million devices, ranging from IP cameras and Wi-Fi routers to network gateways and other network-accessible devices. The Record has published a list of known impacted devices.
How the attack works
This vulnerability allows a cybercriminal to take over your device with full admin privileges. They gain access by using a malformed URL. A malformed URL is one that violates normal URL syntax by changing the characters at the start of the URL, as in the comparison below.
Standard Protocol: http://
Malformed URL: http:/\
The malware payload
The malware that gets installed is a Mirai variant. As a refresher, Mirai is botnet malware used to perform large-scale distributed denial-of-service (DDoS) attacks. This botnet was used in a massive DDoS attack in October 2016 that caused large-scale internet outages across much of the East Coast of the United States. Impacted websites included Netflix, GitHub, Etsy, Twitter, Reddit, and Spotify.
What you can do
Whenever this many devices are impacted, a good first step is to identify whether you own any of them. If you deploy any of them on your network, search for a firmware update from the device's manufacturer. If available, review any communication logs from those devices for irregular inbound and outbound communications.
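
One way to start that log review is to flag requests whose URL uses a malformed scheme separator such as the `http:/\` form shown earlier. The following is an added example, not code from the original article or from any vendor. It assumes a hypothetical log layout of `timestamp source-ip method url`, uses constructed sample lines with documentation-range IP addresses, and goes slightly beyond the single form shown above by also catching percent-encoded and all-backslash variants.

```python
import re
from collections import Counter
from urllib.parse import unquote

# A well-formed http(s) URL has the scheme followed by "://".
# Capture whatever run of slashes/backslashes actually follows the colon.
SCHEME = re.compile(r'\b(https?):([/\\]{1,4})', re.IGNORECASE)

def malformed_scheme_urls(text):
    """Return URL prefixes in `text` whose scheme separator is not '//'."""
    decoded = unquote(text)  # also catches %5C / %2F encoded separators
    return [m.group(0) for m in SCHEME.finditer(decoded) if m.group(2) != '//']

def scan_log(lines):
    """Return (line_number, source_ip, hits) for each suspicious line.

    Assumed (hypothetical) layout: '<timestamp> <source-ip> <method> <url>'.
    """
    findings = []
    for number, line in enumerate(lines, start=1):
        hits = malformed_scheme_urls(line)
        if hits:
            parts = line.split()
            source = parts[1] if len(parts) > 1 else '?'
            findings.append((number, source, hits))
    return findings

def sources_by_count(findings):
    """Tally suspicious requests per source to prioritise follow-up."""
    return Counter(source for _, source, _ in findings).most_common()

# Constructed sample log lines (not taken from any real device).
SAMPLE_LOG = r"""
2021-01-01T10:00:01Z 198.51.100.4 GET http://192.0.2.10/index.html
2021-01-01T10:00:07Z 203.0.113.7 GET http:/\192.0.2.10/index.html
2021-01-01T10:00:09Z 203.0.113.7 GET http:%2F%5C192.0.2.10/index.html
2021-01-01T10:00:15Z 198.51.100.4 GET https://192.0.2.10/status
2021-01-01T10:00:21Z 203.0.113.9 GET HTTP:\\192.0.2.10/
""".strip().splitlines()

if __name__ == '__main__':
    results = scan_log(SAMPLE_LOG)
    for number, source, hits in results:
        print(f'line {number}: {source} sent malformed URL prefix {hits}')
    print('by source:', sources_by_count(results))
```

A hit is a lead for investigation, not proof of compromise; compare the flagged sources against the device's outbound connections from the same period.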