An unconventional way to fight IoT threat Mirai

A security researcher has come up with an unconventional solution to protect IoT devices against Mirai, the DDoS botnet malware that has been wreaking havoc over the past month.

Leo Linsky, a software engineer from network monitoring firm PacketSled, has released code on GitHub for a worm that can infiltrate IoT devices protected with default passwords and change them to more secure passwords.

However, he has noted that this is purely an academic research project intended to show proof-of-concept. It is unlikely that the code will actually be implemented in the global fight against Mirai.

“The idea is to show that devices can be patched by a worm that deletes itself after changing the password to something device-specific or random,” wrote Linsky.

“Such a tool could theoretically be used to reduce the attack surface.”

However, some experts have raised concerns about the method, ranging from people getting locked out of their IoT devices to hackers using it to take over devices.

According to Ofer Gayer, product manager at Imperva, vulnerability scanners would be helpful to home users and small businesses that lack the technical skills to manage their own security. However, they could violate laws and compromise personal privacy, he told InformationWeek.

Meanwhile, there are claims that a successor to Mirai has been discovered.

Referred to only as Linux/IRCTelnet, it is similar to Mirai in that it relies on default hard-coded credentials to spread across vulnerable devices.

According to researchers at the blog malwaremustdie.org, the malware is designed to target IoT devices via the telnet protocol by using the originally coded telnet scanner function, “which is brute-forcing the known vulnerable credential of the Linux IoT boxes, via command sent from a CNC malicious IRC server”.

The botnet utilises DoS attack mechanisms such as UDP flood and TCP flood, along with other attack methods, over both the IPv4 and IPv6 protocols.

Linux/IRCTelnet is able to raise almost 3,500 bot clients within five days of infecting a device, according to the researchers.