NTIA Meets on IoT Security as Vigilantes Take Action
Today in Washington, the National Telecommunications and Information Administration will hold its third meeting to discuss Internet of Things (IoT) Security Upgradability and Patching. We’ll be watching the conversation to see if the stakeholders panel has any progress to report. We are seeing that competing strains of malware, coupled with vendors’ limited patching capabilities, are making the danger posed by unsecured IoT products even greater.
Just last week, Ars Technica first reported that a grayhat hacker is using Hajime not only to infect devices but also to block Mirai -- the malware that slowed the internet to a crawl for users wanting to access some of the world’s most popular websites late last year. According to the Dan Goodin story, Hajime “has infected at least 10,000 home routers, network-connected cameras, and other so-called Internet of Things devices.” Goodin also reports that Hajime is designed to block Mirai from vulnerable devices. In fact, the “author” even includes a message for owners of connected devices who encounter Hajime:
Just a white hat, securing some systems.
Important messages will be signed like this!
While it is possible that the grayhat using Hajime has good intentions, this newest botnet infecting Internet of Things (IoT) devices is not doing you any favors.
First of all, Hajime isn’t built to last. Symantec engineer Waylon Grange said on his blog: “Once the device is rebooted it goes back to its unsecured state, complete with default passwords and Telnet open to the world. To have a lasting effect, the firmware would need to be updated. It is extremely difficult to update the firmware on a large scale because the process is unique to each device and in some cases is not possible without physical access.”
Second, Hajime and other so-called vigilante bots like Wifatch and Brickerbot (which bricks, or shuts down, the devices it infects) are still exploiting a vulnerability in your office or your home. Perhaps Hajime can block Mirai, but that doesn’t mean it can protect you from the next generation of malware that follows, at least until we get a patch that truly closes the door exposing IoT devices to threat actors.
We learned what kind of threat Mirai could be last fall. Researchers at Pwnie Express found large portions of the IT security community were not prepared to defend their offices against Mirai. Two-thirds (66 percent) of the security professionals who responded to our Internet of Evil Things survey said they either haven’t checked devices in their offices for Mirai or don’t know how.
With the release of Mirai and Hajime into the wild in just a matter of months, we are now witnessing what some have called a “malwar” between Mirai users and Hajime users for control of the zombie botnet army of unsecured connected devices.
It may sound like a crazy video game your kids play, but this is very real. Which brings us back to today's meeting in DC. It is important to keep an eye on this conversation and what the regulators in Washington do to push manufacturers and merchants to protect technology buyers.
Learn More About the State of IoT Security
Want to learn more about the risks exposed by the IoT devices making their way into our personal and business lives? Download The 2017 Internet of Evil Things Report.