A new strain of IoT malware can survive a reboot


#1

Originally published at: https://boingboing.net/2018/05/09/boot-persistence.html


#2

freescan1


#3

CLICKING ISN’T DOING ANYTHING!
I TURNED OFF MY FIREWALL AND ADBLOCK AND EVERYTHING! WHY CAN’T I SCAN NOW?

Ooh, free bitcoin… *clicks*


#4

Why, oh why is Telnet still being used? Does anybody know what century this is?


#5

I still have files on my college mainframe account from the late 80s I might want someday!


#6

Well, if the compromised credentials are root or some other administrative user and you were malware looking for a device to infect, why wouldn’t you make the new copy persistent? that’s standard modus operandi for 99.9999% + of regular computer malware…


#7

I find it hard to believe that this is really the first persistent device malware. Didn’t some of them rootkit the firmware?


#8

Hey, Telnet was my gateway to the internet in the early to mid-90s! And then all the AOL people got online and, well, the internet has been shit ever since.


#9

I have no idea why it would be allowed outside of controlled environments; but (along with its good buddy tftp) it has the virtue of being about as simple as anything remotely standard and compatible with running on top of a network interface; so it’s the best friend of a confused bootloader or badly broken system that doesn’t have a serial or other console handy. SSH is a monster by comparison; though certainly small enough that anyone shipping a SoC large enough to run Linux should be moved to include it by moral suasion and/or threats of gruesome violence.

In an ideal world, of course, this would be an argument for the extermination of telnet and mandatory provison of serial consoles on basically everything Turing complete; but ours isn’t even a locally optimal world; much less an ideal one.


#10

This topic was automatically closed after 5 days. New replies are no longer allowed.