Ichano’s “AtHome Camera” is a bit of a different approach to home surveillance cameras [1]. Instead of a hardware camera solution, this product is a software solution that turns existing devices like computers and tablets into webcams. The software implements features we know from similar IP camera devices. It enabled streaming of images and remote access to features like motion detection and alerting.
Back in 2017, a hard-coded username and password vulnerability was identified in the product (CVE-2017-17761) [2]. It is kind of odd that it took so long for this username to show up in scans against our honeypots, but I noticed it on June 18th. The password attempted is “123”, as outlined in CVE-2017-17761. It is not clear if this issue was ever fixed by Ichano.
IP addresses scanning for this username and password combination are also scanning for other typical “IoT” default usernames and passwords, with usernames like “root”, “admin”, “gast”, “gpon” and others.
Some of the IP addresses actively scanning:
104.155.29.102, Google Cloud, US
110.233.163.181, Biglobe, Japan
110.233.163.180, Biglobe, Japan
123.210.143.28, Telstra, Australia
139.135.69.203, DITO TELECOMMUNITY, Philippines
153.237.47.226, Open Computer Network, Japan
178.242.192.55, TURKCELL, Turkey
185.248.13.240, ATLANTISNET, Turkey
220.107.154.153 Open Computer Network, Japan
Nothing specifically special or exciting about these IPs as far as I can tell.
[1] https://www.ichano.com/
[2] https://www.exploit-db.com/exploits/44048
—
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
