Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Monday April 10 2017, @11:57PM   Printer-friendly
from the another-brick-in-the-wall dept.

Researchers have uncovered a rash of ongoing attacks designed to damage routers and other Internet-connected appliances so badly that they become effectively inoperable.

PDoS attack bots (short for "permanent denial-of-service") scan the Internet for Linux-based routers, bridges, or similar Internet-connected devices that require only factory-default passwords to grant remote administrator access. Once the bots find a vulnerable target, they run a series of highly debilitating commands that wipe all the files stored on the device, corrupt the device's storage, and sever its Internet connection. Given the cost and time required to repair the damage, the device is effectively destroyed, or bricked, from the perspective of the typical consumer.

Over a four-day span last month, researchers from security firm Radware detected roughly 2,250 PDoS attempts on devices they made available in a specially constructed honeypot. The attacks came from two separate botnets—dubbed BrickerBot.1 and BrickerBot.2—with nodes for the first located all around the world. BrickerBot.1 eventually went silent, but even now the more destructive BrickerBot.2 attempts a log-on to one of the Radware-operated honeypot devices roughly once every two hours. The bots brick real-world devices that have the telnet protocol enabled and are protected by default passwords, with no clear sign to the owner of what happened or why.

See also this related blog post inspired by this article.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Insightful) by Anonymous Coward on Tuesday April 11 2017, @12:28AM (1 child)

    by Anonymous Coward on Tuesday April 11 2017, @12:28AM (#492035)

    The problem is a lot of these devices have their login credentials set at the base layer and are immutable to user changes, even if they have a "user level" login that can be changed. This means the devices are fundamentally vulnerable and the only repair is either a firmware upgrade from the vendor... or trashing the device and hope the next guy you buy from was less stupid/lazy. But I wouldn't be optimistic, the IoT is fucked top-to-bottom currently.

    Starting Score:    0  points
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  

    Total Score:   1  
  • (Score: 2) by Snotnose on Tuesday April 11 2017, @01:04AM

    by Snotnose (1623) on Tuesday April 11 2017, @01:04AM (#492044)

    The problem is that this is a problem. 2 solutions:

    a) as I said before, each device gets a serial number and the default password is unique
    b) let me fire up the device before connecting to a network and let me change the default password.
    c) Do neither, let my IoT doohicky join a DDoS, and I can join a class action lawsuit to put the vendor out of business

    whoops, that's 3. So make a class action.

    --
    Why shouldn't we judge a book by it's cover? It's got the author, title, and a summary of what the book's about.