Following events in the past year, the narrative around IoT has shifted from excitement to concern about the digital and physical threat it poses. The creator of malware which bricks insecure devices is suspected to be a vigilante hacker who aims to save us from our machines.
BrickerBot, as the malware is known, searches for BusyBox-based Linux devices with exposed Telnet ports and proceeds to brute-force its way into the device. From there, BrickerBot corrupts the compromised device’s storage in what is called a Permanent Denial of Service (PDoS) attack.
Security researchers at McAfee ran a ‘honeypot’ experiment just this week, unleashing the Mirai botnet malware on a poorly secured IoT device, and it was compromised in under a minute. Mirai was responsible for the DDoS (Distributed Denial of Service) attack on DNS provider Dyn last year which disrupted popular services including Twitter, GitHub, PlayStation Network, and others.
Dyn was hit with a record-breaking 1.2 Tbps of traffic originating from approximately 100,000 Mirai-infected IoT devices around the world. The previous record-holding attack peaked at 600 Gbps of traffic, which provides some idea of the increased threat posed to businesses and the number of vulnerable IoT devices. Speaking in the most recent edition of our IoT News magazine, F-Secure Security Advisor Sean Sullivan observed: “You can get competent services by those with experience in DDoS mitigation, but it’s ultimately only going to be as good as the last best attack.”
Perhaps malware with the sole purpose of bricking insecure devices before they become a threat is the answer. The problem is keeping such malware under control. Bricking a camera, doorbell, or similar IoT device is inconvenient and puts pressure on manufacturers to ensure their devices are secure so as not to be affected, but as more critical deployments come online, such as those in medicine or transportation, bricking these devices has the potential to have devastating consequences.
The use of malware to destroy IoT devices still appears to have gained support from some within the security community:
One possible alternative is a more ‘ransomware’-style approach, which infects vulnerable devices and takes them offline before they become a threat but allows their functionality to be restored once the device is patched. Places with critical devices, such as hospitals, would have access to keys on-site at all times.
Many devices have inherently poor security due to their components. As we reported last week, Microsoft is targeting microcontrollers with its Sopris project, which aims to secure a component in tens of billions of devices that is “particularly ill-prepared for the security challenges of internet connectivity.”
In the ideal situation, none of these devices would be vulnerable from the start, but with the apparent failure to secure them appropriately so far, it’s little wonder there seems to be growing support for a more radical solution.
How would you solve the security issue with IoT devices? Let us know in the comments.