Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Monday April 10 2017, @11:57PM   Printer-friendly
from the another-brick-in-the-wall dept.

Researchers have uncovered a rash of ongoing attacks designed to damage routers and other Internet-connected appliances so badly that they become effectively inoperable.

PDoS attack bots (short for "permanent denial-of-service") scan the Internet for Linux-based routers, bridges, or similar Internet-connected devices that require only factory-default passwords to grant remote administrator access. Once the bots find a vulnerable target, they run a series of highly debilitating commands that wipe all the files stored on the device, corrupt the device's storage, and sever its Internet connection. Given the cost and time required to repair the damage, the device is effectively destroyed, or bricked, from the perspective of the typical consumer.

Over a four-day span last month, researchers from security firm Radware detected roughly 2,250 PDoS attempts on devices they made available in a specially constructed honeypot. The attacks came from two separate botnets—dubbed BrickerBot.1 and BrickerBot.2—with nodes for the first located all around the world. BrickerBot.1 eventually went silent, but even now the more destructive BrickerBot.2 attempts a log-on to one of the Radware-operated honeypot devices roughly once every two hours. The bots brick real-world devices that have the telnet protocol enabled and are protected by default passwords, with no clear sign to the owner of what happened or why.

See also this related blog post inspired by this article.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by coolgopher on Tuesday April 11 2017, @01:56AM (2 children)

    by coolgopher (1157) on Tuesday April 11 2017, @01:56AM (#492072)

    The difference being that for your example to match, it'd be not just posting about how to defeat it, but someone doing the rounds and opening all such deadbolts and jamming your door into a permanently open (or closed) position.

    I have no issue at all with someone posting the how-to (though I'd certainly prefer them giving the company a heads-up and a chance to fix their shit first). Responsible disclosure is a Good Thing(tm) in my books.

    Starting Score:    1  point
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 3, Interesting) by Snotnose on Tuesday April 11 2017, @02:28AM

    by Snotnose (1623) on Tuesday April 11 2017, @02:28AM (#492081)

    I fail to see the difference. If I go to Home Depot and buy an expensive lock for $80, and you can hack it with a straight piece of steel, then.... Fark Home Depot and the Vendor, when it comes out I lost my TV/DVR to some crack addict with a hairpin and an internet connection I'm not going after the crack addict.

    --
    Why shouldn't we judge a book by it's cover? It's got the author, title, and a summary of what the book's about.
  • (Score: 2) by ilsa on Wednesday April 12 2017, @10:23PM

    by ilsa (6082) Subscriber Badge on Wednesday April 12 2017, @10:23PM (#493104)

    While responsible disclosure is normally a good thing, that depends on the manufacturer actually giving a shit.

    As we've seen absurdly often now, this is not the case. And even if the manufacturer did care, the likelyhood that a user would follow up with security fixes is extremely low. That could either be due to simple lack of knowing, or not giving a shit, but the end result is the same.

    Side story: I remember a neighbour asking for my help because their ISP cut them off for having a virus. He was adamant that he was not responsible for the problem, and that the ISP should have prevented the virus from getting onto his machine. I tried to explain to him that his computer is his responsibility but he wouldn't have it. I ended up telling him that he needed to reformat his hard drive to get rid of the virus, and there was nothing else I could do.

    So yeah, this IOT mess is an inevitable consequence of the current attitudes people have. While I can't condone this kind of vigilante action since it's damaging private property, I also can't say I feel the slightest bit sorry for the people affected, and I am happy that this is happening. There are way too many people and manufacturers coasting along expecting other people to work around their irresponsibility, and the problem will not get better until they start feeling some pain.