Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Botnet Bug Networking The Internet Linux

IoT Devices With Default Telnet Passwords Used As Botnet (securityaffairs.co) 57

Slashdot reader stiebing.ja writes: IoT devices, like DVR recorders or webcams, which are running Linux with open telnet access and have no passwords or default passwords are currently a target of attacks which try to install malware which then makes the devices a node of a botnet for DDoS attacks. As the malware, called Linux/Mirai, only resides in memory, once the attack has been successful, revealing if your device got captured isn't so easy, and also analyzing the malware is difficult, as it will vanish on reboot.
Plus the malware lays low at first, though "it is obvious that the main purpose is still for a DDoS botnet," according to MalwareMustDie, and it's designed to spread rapidly to other IoT devices using a telnet scanner. "According to the experts, several attacks have been detected in the wild," according to the article, which warns that many antivirus solutions are still unable to detect the malware, and "If you have an IoT device, please make sure you have no telnet service open and running."
This discussion has been archived. No new comments can be posted.

IoT Devices With Default Telnet Passwords Used As Botnet

Comments Filter:
  • by Anonymous Coward

    Are all of those IOT devices designed by millennials ??

    • by Anonymous Coward

      IOT === Idiots or Twats.
      IMHO that describes the designer of pretty well all IoT devices released so far.

  • Defective Product (Score:5, Insightful)

    by SeattleLawGuy ( 4561077 ) on Sunday September 11, 2016 @01:32PM (#52866799)

    In this day and age, a device with telnet and no password is fundamentally a defective product.

    • by zifn4b ( 1040588 )

      In this day and age, a device with telnet and no password is fundamentally a defective product.

      If you're really a lawyer, you should start a class action lawsuit against the offending companies for gross negligence.

    • by gweihir ( 88907 )

      Indeed. "Gross negligence" seems to be too tame a description for it.

  • "According to the experts, several attacks have been detected in the wild," - well, have a look at this article [blog.nic.cz]. It is about more than 6 million devices, 1 million of it being for sure IoT stuff like cameras and the likes. It is very likely they are talking about the same attack described here.

  • Here is a website where you can test if your device has such a problem, because it has been observed in Telnet honeypots for quite some time - https://amihacked.turris.cz/ [turris.cz]

  • Except for devices where the buyer WANTS this open - say, for use in a honeypot - I would consider this a design defect. Depending on the device, this could cause death.

    The feds (in the USA) are probably going to turn the "voluntary" recall of the Samsung Galaxy 7 phone into a "mandatory" recall.

    I would recommend they seriously consider doing the same for any device that has security hole like this that can't be fixed by end users, especially for devices that are designed to be used by non-experts.

  • Some things can hurt people or destroy property if they don't work right.

    Maybe it's time to have the makers of HVAC systems and other things that could injure or kill if they become zombies get an engineer to sign off on all designs - including software design - before they are allowed to sell the equipment for its intended purpose, at least if the end user isn't an expert (e.g. thermostats designed for residential or small-office use where they aren't under constant monitoring by HVAC professionals). This

  • Speaking as a slightly paranoid home user.

    Every time I add a new device to my network, I do a nmap port scan on it. Something like:
    sudo nmap -A -T4 ipaddress

    If access to those ports are needed, I'll do some poking on them, depending on what they are and probably some research to determine if they have had any security issues, and do a risk analysis.

    Work follows a completely different model. Everything is blocked, there are various levels of approvals needed to open any ports. External access directly to in

To stay youthful, stay useful.

Working...