The Saga Over Unsecured IoT Devices and the Internet Continues

The Saga Over Unsecured IoT Devices and the Internet Continues

The saga over unsecured IoT devices reads like it was pulled straight from the pages of a comic book.    

Last year’s major DDoS attack gave us a glimpse of what a major cybercrime attack could accomplish. The attack, which was initiated by Mirai botnet, had many IT professionals concerned about the vast number of IoT devices that had been left unsecured. When new programs appeared, seemingly attempting to emulate Mirai botnet, security professionals took notice. Once security professionals investigated the similar-looking programs, they didn’t quite find what they expected. These programs aren’t attempting to be the next big internet attack: they are, seemingly, trying to prevent it.

Mirai Refresh

As you might recall, Mirai is a type of Trojan malware that spreads to vulnerable devices by scanning the internet for IoT devices that are still protected by their factory-default password and username. Once the vulnerable IoT devices are infected with malicious software, the devices are turned into bots. The bots are forced to report to a central control server and are used as a staging area for launching powerful DDoS attacks designed to bring down websites.

Mirai, coupled with the vast number of unsecured IoT devices available, was able to cripple the internet. With IoT devices gaining more and more popularity, this type of internet attack is concerning. Due to no foreseeable solutions being provided by manufacturers, white hat hackers are taking the problem into their own hands. 

Will Bricker Bot Save the Internet?

If Mirai is the supervillain, BrickerBot serves as more of an anti-hero. BrickerBot is an IoT malware that infects unsecured IoT devices and bricks them.

According to John Biggs from Tech Crunch, the new program, created by a vigilante hacker calling himself "The Janitor,” was created with a noble purpose: to prevent another massive DDoS attack. By bricking unsecured IoT devices, Mirai has no base for springing another large-scale attack. The catch to this heroic endeavor is that bricking your devices means they are rendered useless. As most IoT devices are expensive electronics, this is an unforgiving way of letting people know they need to secure their devices.

So far, the first version of BrickerBot has bricked thousands of devices with plans to do the same for more. “The Janitor” provided his reasoning for his actions to Tech Crunch:

“Like so many others I was dismayed by the indiscriminate DDoS attacks by IoT botnets in 2016. I thought for sure that the large attacks would force the industry to finally get its act together, but after a few months of record-breaking attacks it became obvious that in spite of all the sincere efforts the problem couldn’t be solved quickly enough by conventional means. I consider my project a form of ‘Internet Chemotherapy;’ I sometimes jokingly think of myself as The Doctor. Chemotherapy is a harsh treatment that nobody in their right mind would administer to a healthy patient, but the Internet was becoming seriously ill in Q3 and Q4/2016 and the moderate remedies were ineffective.”

Will IoT product manufacturers listen? Or is there a true hero that will stop Mirai from total internet destruction? Stay tuned for the next paragraph.

Enter Hajime

Just when things were looking bleak for the internet, Hajime entered the picture. Hajime was discovered last October, right around the same time as the Mirai Botnet. Hajime is a similar family to Mirai - it spreads via unsecured devices and uses the exact same username and password combinations that Mirai is programmed to use. 

According to Waylon Grange of Symantec, this is where the similarities end:

“Hajime is also stealthier and more advanced in comparison to Mirai. Once on an infected device, it takes multiple steps to conceal its running processes and hide its files on the file system. The author can open a shell script to any infected machine in the network at any time, and the code is modular, so new capabilities can be added on the fly. It is apparent from the code that a fair amount of development time went into designing this worm.”

What makes Hajime the good guy? For one, the worm has no DDoS capabilities or any malicious code except for what is used to access your device.

Grange notes that the worm installed improves the device security, blocking ports that Mirai is known to target. While the hacker’s intentions appear to be good, we can’t really know for sure. They could use the guise of hero to turn our IoT devices into the hosting ground for another massive botnet. Grange does note that the worm installed improves the device security, blocking ports that Mirai is known to target.

Do Your Part!

Unlike most superhero stories, we can directly impact the results of this internet showdown.

Grange provides a detailed list of steps to take to prevent your IoT device from being infected:

  1. Change the default credentials on devices. Use strong and unique passwords for device accounts and Wi-Fi networks
  2. Use a strong encryption method when setting up Wi-Fi network access (WPA2)
  3. Disable Universal Plug and Play (UPnP) on routers
  4. Disable or protect remote access to IoT devices when not needed
  5. Regularly check the manufacturer’s website for firmware updates

Unsecured IoT devices are one of the biggest concerns for the future of security on the internet and very little is being done to solve this issue. While some hackers have taken the issue into their own hands, relying on anonymous people to solve this issue isn’t an ideal solution. Put on your cape and secure those IoT devices!

Written by Nik Vargas