New Malware ‘Bricks’ IoT Devices
Despite repeated assurances that Internet of Things security issues are being addressed, so-called "in-the-wild" attacks on poorly secured devices reveal that securing the IoT still has a long way to go.
The latest threat comes from a new malware strain known as BrickerBot that, according to security experts, intentionally "bricks" IoT devices, meaning the malware renders the computer's motherboard permanently inoperable. First detected by the Tel Aviv-based cyber-security firm Radware in late March, the BrickerBot strains also are believed to corrupt device storage capability while reconfiguring kernel settings.
Reports said the malware is targeting IoT devices based on Linux BusyBox, often referred to as the "Swiss Army Knife of Embedded Linux."
Security experts said the "permanent denial-of-service" bots scan the IoT for Linux-based routers and other connected devices protected only by default passwords. Reports said BrickerBot uses a list of known default credentials used for IoT devices. The bot then erases files stored in the IoT device, corrupts its storage and severs its network connection.
Once the bot gains access, it reportedly writes random bits to a device's storage drives, wiping out flash storage capabilities. Once the device is "bricked," the only alternatives are reinstalling firmware or, more likely, buying a new device.
"On multiple occasions I have witnessed devices being bricked by sending malformed traffic to the device," Mike Ahmadi, director of Critical Systems Security at chip design specialist Synopsys Inc. (NASDAQ: SNPS), noted in an email. "In multiple cases sending as few as two bad packets to the broadcast address of networked devices caused all of them to become bricked all at once.
"At the time I hoped such issues would be discovered and fixed before the hacking world decided to exploit such vulnerabilities, but now it seems that we are forced to react to a seemingly uncontrollable situation, that is likely to get much worse before it gets better."
BrickerBot is the latest malware to plague IoT devices. It appears to be a variant of the Mirai botnet that emerged last fall and targeted networked cameras and other connected devices with distributed denial-of-service attacks.
The latest malware attacks will likely fuel concerns about potential security gaps in enterprise cloud platforms created by unsecured IoT devices. A recent survey of IT security managers found that 62 percent believe cloud security will worsen as more IoT services and devices using little more than factory default passwords are connected to enterprise IT infrastructure.
Some take issue with that assertion, noting that cloud security often comes down to user, administrative and infrastructure architecture issues. "The cloud itself as a construct is incredibly secure," one observer noted. "This does not mean, however, that vigilance is no longer required by IT staff and users; security is everyone’s job."