Thursday, May 26, 2022

New ‘BrickerBot’ Malware Can Permanently Disable Your IoT Devices


Security has been an afterthought at best in most Internet-of-Things (IoT) devices on the market, and bad actors exploit that fact with remarkable results. Massive denial of service attacks and botnets of unprecedented size sprang up overnight with the advent of IoT — and we’re seeing the next logical step in that trend with a new piece of malware, aptly named by Radware: BrickerBot.


BrickerBot Breaks IoT Devices

As described in the Radware Advisory, the BrickerBot malware exploits the same telnet/BusyBox weaknesses as the massive Mirai IoT botnet. It builds on techniques commonly used to compromise IoT devices, but puts them to a different end.

Instead of hijacking a vulnerable device for its own use once it has access, it runs through a series of operations designed to corrupt the device’s storage, writing random data onto raw device nodes and cutting the device off from the network, permanently disabling or “bricking” the affected IoT gadget.

Finally, the script renders the Linux kernel inoperable and reboots, which in most cases leaves the device beyond repair by the end user.

Command sequence used by BrickerBot upon gaining device access.

This type of attack is called a Permanent Denial of Service, or colloquially, “phlashing.” Devices vulnerable to BrickerBot include BusyBox-based Linux systems exposed to the internet, of which IoT devices make up a very large subset. The Radware advisory recommends disabling telnet and changing the default credentials shipped with your IoT devices, along with some other high-level networking best practices.
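The two advisory recommendations above can be turned into a quick self-audit. The following POSIX shell script is an added example, not code from Radware or from the article: it checks whether a BusyBox/Linux device exposes telnet (a listening tcp/23 socket or a telnetd entry in /etc/inittab) and whether any account can be logged into with no password at all. The netstat, inittab and shadow samples it runs against are constructed; on a real device you would pass in `netstat -tln`, `/etc/inittab` and `/etc/shadow` instead.

```shell
#!/bin/sh
# Added audit helper (not Radware's or the article's code). Each check takes the
# text to inspect as its first argument so it can run on captured output too.

# Exit 0 if any tcp/tcp6 socket in `netstat -tln` output listens on port 23.
telnet_listening() {
    printf '%s\n' "$1" | awk '$1 ~ /^tcp/ && $4 ~ /:23$/ { found = 1 } END { exit found ? 0 : 1 }'
}

# Exit 0 if the given /etc/inittab text starts telnetd at boot (not commented out).
inittab_starts_telnetd() {
    printf '%s\n' "$1" | grep -Eq '^[^#]*:(respawn|once|sysinit):.*telnetd'
}

# Print accounts from the given /etc/shadow text whose password field is empty,
# i.e. logins that need no password at all. Exit 0 if at least one was found.
empty_password_accounts() {
    printf '%s\n' "$1" | awk -F: '$2 == "" { print $1; found = 1 } END { exit found ? 0 : 1 }'
}

# Constructed samples standing in for a device left at its shipped defaults.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN'

SAMPLE_INITTAB='::sysinit:/etc/init.d/rcS
::respawn:/usr/sbin/telnetd -l /bin/login
::respawn:/sbin/getty -L ttyS0 115200 vt100'

SAMPLE_SHADOW='root::0:0:99999:7:::
admin:$1$constructed$notarealhash:0:0:99999:7:::
nobody:*:0:0:99999:7:::'

# Run every check on the supplied texts; prints one FAIL line per finding plus a summary.
audit_device() {
    findings=0
    if telnet_listening "$1"; then echo "FAIL: telnet (tcp/23) is listening"; findings=$((findings + 1)); fi
    if inittab_starts_telnetd "$2"; then echo "FAIL: inittab starts telnetd at boot"; findings=$((findings + 1)); fi
    if accts=$(empty_password_accounts "$3"); then echo "FAIL: accounts with empty password: $accts"; findings=$((findings + 1)); fi
    echo "findings: $findings"
}

audit_device "$SAMPLE_NETSTAT" "$SAMPLE_INITTAB" "$SAMPLE_SHADOW"
```

The script does not know which credentials a vendor shipped, so a non-empty default password still has to be changed by hand; the empty-password check only catches the worst case.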

Practical Security is Not That Simple

The Radware recommendations are all well and good for business and industry, but for consumer use they provide little help.

Most potential users of consumer IoT are not versed in network administration, and it is common practice to ship devices that expose little or none of this base functionality to the customer. In practical terms, that makes the factory credentials and the always-on connectivity permanent.

The potential for harm ushered in by the prospect of ubiquitous IoT grows every day, and IoT companies keep making sales without the developers of this class of device changing their bad security practices. Either that approach needs to shift radically, or we need to open a serious discussion about regulation.

What do you do to protect your IoT devices? Let us know in the comments below.

Images via Radware
