BrickerBot or How Your Toaster Can Threat National Security
Sounds a bit loony, doesn’t it? How can a sweet little toaster threat the Internet all over the country? Ridiculous! But with the modern gadgets and appliances you are never sure whether the tables turn into kangaroos behind your back or not.
Here’s the list of things in your house that are likely to have an Internet access via Wi-Fi if they are of latest generations:
- smart bulb
- weather station
- home climate system
- home surveillance system
- smart TV
- smart TV box
- Wi-Fi router
- printer / scanner
- video camera
They all run Linux based operation system and they all have an access to the Web. This part of the Internet is called the Internet of Things or IoT for short. Most of them have a sticker on with the login and password set at the factory. And most users just leave it be. They seem to be sure that the manufacturers’ databases of logins and passwords will never leak. But they can’t be more wrong. Passwords can leak, they can be restored if the criminals deduct the algorithm the manufacturers use to create them.
Then the malware approaches the device and hack the firmware. The anti-virus software of today is incapable to protect your webcam or smart bulb. Andrew McGill, a reporter at The Atlantic, proved just how quick the internet of things can be hacked. The experiment took place just last year after the Mirai botnet attack. We’ll tell about it a bit later.
So, McGill built a virtual Internet-connected toaster, put it online and waited for the hackers’ first attack. You see, he didn’t doubt it he just wanted to know how long would it take. His guess was a week or perhaps several days. But the first attack took place in 41 minute! And the second attack began in less than 10 minutes. Then the attacks repeated constantly day in and day out. The McGill’s toaster wasn’t connected to the home network and didn’t provide any access to the world network, so these attempts caused no harm. But, though futile, they were persistent. The poor little brave toaster was attacked by computer scripts which prowl the net looking for such insecure devices.
What for? Hacked toasters, webcams and smart TV-boxes can be organized in a vast botnet to barrage the sites with data packets until they’re brought down. The notorious Mirai botnet did just that last year, bringing down Twitter and other popular internet resources for several hours. The data routes were clogged and Internet was down in many parts of the country. Normally, house appliances and gadgets don’t need any Twitter, of course, but hackers used them as thousands of tiny computers to attack the web. And with the army of toasters hackers can ruin the control system of the city water pipelines or the mail server.
Malware bots are another threat for the Internet community and they will continue to arrive. Now we have meet the BrickerBot. It’s malicious enough for the Homeland security to issue a strict warning. The botnet was discovered by Radware company that hunts the malware of the kind. They use the same method McGill did, or rather it was Andrew McGill who copied them. The devices that imitate smart toasters, webcams and suchlike are called honeypots. On April 5, 2017 Radware detected attack on their honeypots that went on for four days.
The malware cripples the firmware to cause Permanent Denial of Service or PDoS. The infected device cannot respond to any commands and in many cases the firmware cannot be restored even after the reinstall. In other words, the gadget ‘bricks’, hence the malware nickname – BrickerBot.
Radware detected 1,895 PDoS from BrickerBot 1 and BrickerBot 2. The location of the culprits was impossible to discover as they used the high anonymous Tor network. The malware severely corrupts the firmware and wipes the storage of the attacked device clean. But unlike the Mirai, BrickerBot doesn’t try to bring down the whole Web, it confines to compromising the devices and ruining home networks and systems.
Losing the collection of the recipes or a webcam hurts enough, but imagine BrickerBot wiping clean the video surveillance system or smart home system? This is a disaster. Can a general user oppose such a threat?
Yes. There are two simple steps toward greater security.
- CHANGE THE FACTORY SET PASSWORD.
- DISABLE TELNET IN SETTINGS.
Changing the password and login (if there’s any) is critical! Do not use your birth date or those of your family members. Do not use your cell phone number, your name or middle name or your dog’s nickname. There are a lot of offline and on-line passwords generators. A good password must be no shorter than 8 digits, contain letters (but not meaningful words!), digits and symbols like [ or * at random.
To disable the telnet port, consult your device manual. And, if you can, restrain from buying smart toasters and fridges. Just to be on the safe side.
- See also: Want to get rid of an out-to-dated electronics? Here is the best solution: Sell My used gadget for top price online today and save money for a next purchase.