
posted by n1 on Monday April 10 2017, @11:57PM
from the another-brick-in-the-wall dept.

Researchers have uncovered a rash of ongoing attacks designed to damage routers and other Internet-connected appliances so badly that they become effectively inoperable.

PDoS attack bots (short for "permanent denial-of-service") scan the Internet for Linux-based routers, bridges, or similar Internet-connected devices that require only factory-default passwords to grant remote administrator access. Once the bots find a vulnerable target, they run a series of highly debilitating commands that wipe all the files stored on the device, corrupt the device's storage, and sever its Internet connection. Given the cost and time required to repair the damage, the device is effectively destroyed, or bricked, from the perspective of the typical consumer.

Over a four-day span last month, researchers from security firm Radware detected roughly 2,250 PDoS attempts on devices they made available in a specially constructed honeypot. The attacks came from two separate botnets—dubbed BrickerBot.1 and BrickerBot.2—with nodes for the first located all around the world. BrickerBot.1 eventually went silent, but even now the more destructive BrickerBot.2 attempts a log-on to one of the Radware-operated honeypot devices roughly once every two hours. The bots brick real-world devices that have the telnet protocol enabled and are protected by default passwords, with no clear sign to the owner of what happened or why.
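The honeypot observation above (hostile telnet logins using the device's factory-default credentials, recurring at a roughly two-hour cadence) can be turned into a simple detection over honeypot logs. This is an added example, not code from the article or from Radware; the log line format, the sample lines and the placeholder password are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in an assumed honeypot format (not Radware's real
# format); the password is a placeholder, not a real factory default.
SAMPLE_LOG = """\
2017-03-20T00:05:10Z telnetd: login from 203.0.113.7 user=root pass=FACTORY-DEFAULT result=ok
2017-03-20T02:04:58Z telnetd: login from 203.0.113.7 user=root pass=FACTORY-DEFAULT result=ok
2017-03-20T03:17:42Z telnetd: login from 198.51.100.23 user=admin pass=guess1 result=fail
2017-03-20T04:06:03Z telnetd: login from 203.0.113.7 user=root pass=FACTORY-DEFAULT result=ok
2017-03-20T06:05:49Z telnetd: login from 203.0.113.7 user=root pass=FACTORY-DEFAULT result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd: login from (?P<ip>[\d.]+) "
    r"user=(?P<user>\S+) pass=(?P<pw>\S+) result=(?P<res>ok|fail)$"
)

def parse_log(text):
    """Yield (timestamp, ip, success) for each well-formed line; skip junk lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["ip"], m["res"] == "ok"

def summarize(text):
    """Per source IP: attempts, successful logins and mean gap between attempts (hours).

    On a honeypot nobody legitimate logs in, so any success with the device's
    default credentials is flagged; the gap lets you compare a source's cadence
    with the roughly two-hour interval Radware reported for BrickerBot.2.
    """
    per_ip = defaultdict(list)
    for ts, ip, ok in parse_log(text):
        per_ip[ip].append((ts, ok))
    report = {}
    for ip, events in per_ip.items():
        events.sort()
        successes = sum(1 for _, ok in events if ok)
        gaps = [(b[0] - a[0]).total_seconds() / 3600 for a, b in zip(events, events[1:])]
        report[ip] = {
            "attempts": len(events),
            "successes": successes,
            "mean_gap_hours": round(sum(gaps) / len(gaps), 2) if gaps else None,
            "flagged": successes > 0,
        }
    return report
```

Running `summarize(SAMPLE_LOG)` flags 203.0.113.7 with four successful logins about two hours apart, while the single failed guess from 198.51.100.23 is counted but not flagged.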

See also this related blog post inspired by this article.


  • (Score: 2) by bob_super on Tuesday April 11 2017, @12:09AM (3 children)

    by bob_super (1357) on Tuesday April 11 2017, @12:09AM (#492029)

    While it might actually be a good thing to take down insecure devices, I'd like a chance to change the password after the first time the thing gets plugged in. Gimme a few minutes, and then come back to punish my dangerous laziness.
    It was once considered unlikely to keep Windows virus-free in the time required to download and install an anti-virus and firewall from the web. I hope IoT crap doesn't quite get to that point.

    But if the Gen3 or Gen4 starts using unpatched or zero-day bugs to disable, take over, and propagate ... basic ungeek users don't stand a chance.

  • (Score: 5, Insightful) by ledow on Tuesday April 11 2017, @07:40AM (2 children)

    by ledow (5567) on Tuesday April 11 2017, @07:40AM (#492168) Homepage

    Why would you put it on the Internet before trying to change the password?

    You plug it in, change the password, and THEN put it on the Internet.

    Same way you install an OS, change the password and then put it on the Internet (but never directly, always through a firewall/router).

    The problem is people who DO NOT understand that the Internet - in any form, wireless, etc. - is *untrusted* and *untrustable*.

    You secure the machine before you expose it to them. And the base, core, first thing you need to do to do that is change the admin password, which can be done on your local network. In fact, often you need to wire the thing directly to a machine in order to let it be the default gateway on its default IP address, so that you can get to the admin page in the first place.

    The problem here is three-fold. Stupid users. Stupid defaults (same on every device rather than just a random number). Stupid protocols enabled (Telnet? Really?).

    • (Score: 2) by Scruffy Beard 2 on Tuesday April 11 2017, @08:33AM (1 child)

      by Scruffy Beard 2 (6030) on Tuesday April 11 2017, @08:33AM (#492182)

      Well, telnet is dead-simple. You can almost use netcat as a client (or so I have heard).

      Not sure why you would ever want it on the WAN interface though.

      • (Score: 0) by Anonymous Coward on Tuesday April 11 2017, @03:57PM

        by Anonymous Coward on Tuesday April 11 2017, @03:57PM (#492317)

        A lot of the reason is that it can make development a lot easier. All you need to do to debug things is plug it into the WAN and the device can connect to your testing servers and has a convenient way for you to go deeper than the shiny GUI. The problem is that they either forget to turn it off or (a configuration I've seen more and more) they set the firewall such that all traffic is filtered unless it has a local email address. The problem with the latter being that most users give the device a local address and documentation commonly suggests connecting such devices to a "DMZ." (Of course, most uses of the term "DMZ" don't refer to actual DMZs, but various less secure shortcuts.)