SoylentNews is people
SoylentNews
Researchers have uncovered a rash of ongoing attacks designed to damage routers and other Internet-connected appliances so badly that they become effectively inoperable.
PDoS attack bots (short for "permanent denial-of-service") scan the Internet for Linux-based routers, bridges, or similar Internet-connected devices that require only factory-default passwords to grant remote administrator access. Once the bots find a vulnerable target, they run a series of highly debilitating commands that wipe all the files stored on the device, corrupt the device's storage, and sever its Internet connection. Given the cost and time required to repair the damage, the device is effectively destroyed, or bricked, from the perspective of the typical consumer.
Over a four-day span last month, researchers from security firm Radware detected roughly 2,250 PDoS attempts on devices they made available in a specially constructed honeypot. The attacks came from two separate botnets—dubbed BrickerBot.1 and BrickerBot.2—with nodes for the first located all around the world. BrickerBot.1 eventually went silent, but even now the more destructive BrickerBot.2 attempts a log-on to one of the Radware-operated honeypot devices roughly once every two hours. The bots brick real-world devices that have the telnet protocol enabled and are protected by default passwords, with no clear sign to the owner of what happened or why.
See also this related blog post inspired by this article.
(Score: 2) by The Mighty Buzzard on Tuesday April 11 2017, @12:37AM (3 children)
It's about time someone did this. I'm sick to death of reading every other day about a new botnet targeting known but unpatched flaws in IoT shat. Destroy the pieces of shit and make sure everyone knows how and why they were destroyed so the shitheads who make them have to deal with their reputations being crushed.
My rights don't end where your fear begins.
(Score: 4, Interesting) by bob_super on Tuesday April 11 2017, @01:37AM (1 child)
This will be achieved a lot faster once people's fancy IoT fridges start dying, their washers start spinning until something breaks, and their furnace or AC run full blast in the wrong mode.
A $100 toy is one thing, a multi-grand major appliance is a magnet for lawyers...
(Score: 2) by FatPhil on Wednesday April 12 2017, @03:11PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Insightful) by urza9814 on Tuesday April 11 2017, @06:30PM
Yeah, I wish they'd go a bit further than bricking them.
Convert the compromised router into a captive portal that returns "YOUR DEVICE WAS HACKED BECAUSE THE MANUFACTURER IS COMPLETELY INCOMPETENT" instead of whatever site you're requesting. If it's got a screen, print that to the screen. If it's got SSH, disable logins and if possible set that as the error message. Same for telnet. Make it abundantly clear to the user that it's not just a poor solder joint from the crappy manufacturing process. People are too used to that failure mode, people kinda expect cheap electronics to fail. And while a review that says "The piece of crap failed after three months, guess you get what you pay for" hurts the manufacturer, a review of "It got hacked, bricked itself, and exposed all of my data" would probably be worse. AND more useful for those who know what they're doing.