Friday, April 7, 2017

New malware bricks Internet Of Things devices

I complain a lot about crummy security on Internet of Things (IoT) devices.  I like to say that not only is security not an after thought, it wasn't thought of at all.  I've also said (repeatedly) that companies who make these devices don't care about security because their customers don't care.  After all, there's no downside to the customer for crummy security.

Until now:
A new malware strain called BrickerBot is bricking Internet of Things (IoT) devices around the world by corrupting their storage capability and reconfiguring kernel parameters.
Detected via honeypot servers maintained by cyber-security firm Radware, the first attacks started on March 20 and continued ever since
"But really, Borepatch," I hear you ask.  "Just how bad can it be?"  This bad:
The end result is a bricked IoT device that will stop working within seconds of getting infected. Experts call these attack PDoS (Permanent Denial of Service), but they are also known as "phlashing."
According to telemetry data, just one of Radware's honeypots has seen 1,895 PDoS attempts in the span of four days.

Welcome to the Internet of (Crummy Security) things.  I can't wait until this hits thousand dollar big screen "Smart" TVs.  But if the malware world follows historical norms, that's coming.


selsey.steve said...

I like articles such as this. I haven't got one IoT appliance in the house and I have just refused to have a "smart" meter installed.

Old NFO said...

Oh joy...

Phil said...

I'm laughing hysterically as I wander over to my ancient Maytag dryer, cranking the timer over and hitting the ON button.

Someone please explain to me why on earth my toaster should be connected to the internet?

As a mechanic with forty years of experience I have many times said aloud, just because you can doesn't mean you should.
This is one of those times.