December 24, 2019


The IoT botnet wars, Linux devices, and the absence of basic security hardening


Drew Moseley explores the malware infecting Linux IoT devices, including Mirai, Hajime, and BrickerBot, and the vulnerabilities they leverage to enslave or brick connected devices. Drew then walks you through the specific vectors they used to exploit devices and covers some basic security hardening concepts and practices that would have largely protected against them.

Talk Title: The IoT botnet wars, Linux devices, and the absence of basic security hardening
Speakers: Drew Moseley (Mender.io)
Conference: O’Reilly Open Source Convention
Conf Tag: Put open source to work
Location: Portland, Oregon
Date: July 16-19, 2018

An ongoing battle is being waged to leverage insecure Linux-based internet of things (IoT) devices. For example, BrickerBot attacks connected devices and causes them to “brick,” making them completely useless in a permanent denial-of-service (PDoS) attack. Likewise, Mirai was behind the largest DDoS attack of its kind ever in October 2016, with an estimated throughput of 1.2 terabits per second. It leveraged a botnet consisting of connected printers, IP cameras, residential gateways, and baby monitors to bring down large portions of the internet, including services such as Netflix, GitHub, HBO, Amazon, Reddit, Twitter, and DIRECTV. (BrickerBot’s goal appears to counter Mirai’s: bricking insecure Linux devices so that malware such as Mirai can’t subjugate these devices in another DDoS attack.)

Drew Moseley explores the malware infecting Linux IoT devices, including Mirai, BrickerBot, and Hajime, and the vulnerabilities they leverage to enslave or brick connected devices. Drew then walks you through the specific vectors they used to exploit devices and covers some basic security hardening concepts and practices that would have largely protected against them.

Drew also discusses Mender.io, an open source project to deploy over-the-air (OTA) software updates to embedded Linux devices (the IoT). Topics include:
