Hacker used digital video recorder for bitcoin mining

Not only computers, but also digital video recorders are at risk of being used by criminals to mine bitcoins. A researcher from the SANS Institute, an American security company, discovered this after his own research.

Researcher Johannes Ullrich of the SANS Institute bought a digital video recorder from eBay and connected it to the Internet. It was an Epcom Hikvision S04, which, according to Ullrich, was in new condition and had therefore not been used before.

He connected the VCR to the Internet using the default configuration. By default, the device did not have a firewall and did not ask to change the password. Partly because of this, the researcher saw that, right after he connected the Epcom, hackers were scanning the ports of the device. Brute force attacks began to take place, with the attackers attempting to break into the system. In the end, six of the thirteen hackers managed to break in on the first day using the regular username and password, ‘root’ and ‘12345’ respectively.

One of the hackers went a step further and started to ‘upload’ the bitcoin script, although the video recorder initially does not support this functionality at all. “There was no wget and no ftp or telnet client. Instead, the attack was run through the telnet console. It turned out that the attacker was using a wrapper script that issued a series of ‘echo’ commands to upload the initial binary” Ullrich writes.

A few commands later, the device turned out to be mining bitcoins, but the effectiveness of the device was limited, presumably due to the weak CPU of the video recorder, says Ullrich. However, the Epcom was cracked several times and contaminated with miners. The attackers also left the scripts of others, according to Ullrich. The researcher has put a PCAP file online that can be used to analyze the attacks on the video recorder.