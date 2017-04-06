Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Botnet Security Communications Network Privacy The Internet

New Destructive Malware Intentionally Bricks IoT Devices

Posted by BeauHD
An anonymous reader writes: "A new malware strain called BrickerBot is intentionally bricking Internet of Things (IoT) devices around the world by corrupting their flash storage capability and reconfiguring kernel parameters. The malware spreads by launching brute-force attacks on IoT (BusyBox-based) devices with open Telnet ports. After BrickerBot attacks, device owners often have to reinstall the device's firmware, or in some cases, replace the device entirely. Attacks started on March 20, and two versions have been seen. One malware strain launches attacks from hijacked Ubiquiti devices, while the second, more advanced, is hidden behind Tor exit nodes. Several security researchers believe this is the work of an internet vigilante fed up with the amount of insecure IoT devices connected to the internet and used for DDoS attacks. "Wow. That's pretty nasty," said Cybereason security researcher Amit Serper after Bleeping Computer showed him Radware's security alert. "They're just bricking it for the sake of bricking it. [They're] deliberately destroying the device."

  • Sledgehammer approach. (Score:5, Informative)

    by mlheur ( 212082 ) on Thursday April 06, 2017 @06:44PM (#54188275)

    Despite how malicious this is, I'm oddly OK with it.

    • Re: (Score:2)

      by mellon ( 7048 )

      Yeah, this is wrong, so wrong, and yet I'm having a lot of trouble getting worked up about it. If your device is that hackable, it probably needs to be bricked for the sake of humanity. The Internet of Things That Go Bump In The Night gets exorcised...

    • Exactly my first thought! Insecure "IoT" devices NEED to be disabled from accessing the internet and fucking it up for the rest of us. Besides, how can we watch our ads?!?
    • Yeah, came here to say this. Surprised I'm in the majority on this.

      If you can't figure out how to secure your device, or you are unable to do so, then so sad too bad. Hope a bunch of IoT vendors go tits up.

      • I'm not.
        I think most here on /. are of this general opinion. It's machiavellian for sure, but really does have the whole "Ends justify the means" feel to it.

        Hopefully (though doubtfully) the OEMs will be eating a lot of warranty returns. It is only if this costs the OEMs money that the problems will be fixed. If it only costs the end users money then not a ton will really happen.

    • Yep. Saw the report and my first thought was "is this really a bad thing?" Better they end up as bricks than fueling a LOIC.

  • If pwnable easily it must die - network darwinism (Score:2, Interesting)

    by Anonymous Coward

    If it's secured, then it belongs on the network. If it's not secured, this is the best possible outcome, non-function and removal.

    Good job.

  • Crowdfund? (Score:5, Funny)

    by Anonymous Coward on Thursday April 06, 2017 @06:47PM (#54188299)

    Where is the kickstarter or indiegogo page for this project? I can't find it.

    • Hehehe - sorry, I ran out of mod points this morning.

      I wonder if the people exploiting Mirai for profit will start disinfecting this thing.

  • We knew it was coming... (Score:4, Interesting)

    by evolutionary ( 933064 ) on Thursday April 06, 2017 @06:49PM (#54188305)
    Okay, it was only a matter of time before somebody came around and starting exploiting all the backdoors/weak protection in this IoT(I pronounce "idiot") devices. The funny thing is, this may well be a public service in an odd way. At least no one's life is dependent on these devices..yet. If we started adopting these things carelessly in situations that could endanger lives, we'd be in serious trouble. Perhaps this is the wake up call we've desperately needed.

    • What about a garage door opener that was bricked and a woman got killed because she was being chased by a maniac and her garage wouldn't let her in?

    • At least no one's life is dependent on these devices..yet. If we started adopting these things carelessly in situations that could endanger lives, we'd be in serious trouble. Perhaps this is the wake up call we've desperately needed.

      We already have life critical devices compromised. Remember that the early adopters of the IoT was hospitals, which have been compromised already. http://spectrum.ieee.org/view-... [ieee.org]

      While this case was not the result of a hacker, but software error, todays radiation dispenser is about 100 percent likely to be attached to the internet. http://ccnr.org/fatal_dose.htm... [ccnr.org].

      And it wouldn't be too surprising if people have been killed already. We just wouldn't hear abou tit, or the operators might not even kno

  • These devices were already broken. Now they are non-functional as well.

  • So potentially a stupid question here, but given that we have a severe shortage of IP addresses due to exhaustion of the IPv4 space, how are all of these devices getting publicly addressable IP addresses to allow an incoming connection in the first place? If they're behind a NAT they should be naturally firewalled, otherwise who has the spare IPs to hand out to crappy little IoT devices?

